Privacy Policy

Andrew Burnet & Company Limited (“we”, “our”, “us” or “ABC”) is committed to protecting the privacy of all users of our website, our mobile applications and our services. Please read the following privacy policy that explains how we use and protect your information.

  1. Contact Details

If you have any queries or requests concerning this privacy policy or how we handle your data more generally, please get in touch with us using the following details.

Address: Andrew Burnet & Company Limited, 6 Atholl Crescent, Perth, PH1 5JN

Phone: [     ]

Email: [      ]

  1. How We Collect Your Information

We collect your personal information when you interact with us or use our services. We also look at how visitors use our website, to help us improve our services and optimise customer experience.

We collect information:

  • when you create an account with us or you change your account settings;
  • when you place a booking with us;
  • when you contact us directly; and
  • when you browse and use our website/mobile applications.

We also collect information from third party sites, such as advertising platforms and our fraud detection provider.

  1. Information We Collect

As part of our commitment to the privacy of our customers and visitors to our website more generally, we want to be clear about the sorts of information we will collect from you.

When you use our services or place a booking you may be asked to provide information about yourself including your name, contact details, email address, mobile number, ID document detail, insurance detail, relevant medical data and special dietary or disability requests, order details and payment information such as credit or debit card information.

We may also collect information relating to your social preferences, interests and activities.

We also collect information about your usage of our website or when you contact us or provide us with feedback, including via e-mail, letter, phone.

  1. Other sources of personal data

We may use personal data from other sources, such as retail/travel partners.

Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.

If you log-in using your social network credentials to connect to our platforms and online services e.g. Facebook, Google+ and Twitter, you will agree to share your user details with us. For example, your name, email address, date of birth, location and any other information you choose to share with us.

  1. Personal data you provide about other people

We use personal data about other individuals provided by you, such as those people on you booking.

By providing other people’s personal data, you must be sure that they agree to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.

  1. Information We Use

We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information: if we need to process your information in order to provide you with the service you have requested or to enter into a booking; we have your consent; we have a justifiable reason for processing your data; or we are under a legal obligation to do so.

We may use personal data to respond to and to manage security options, accidents or other similar incidents, including medical and insurance purposes.

Where we need to in order to provide you with the service you have requested or to enter into a booking, we use your information:

  • to supply the services you have requested;
  • to enable us to collect payment from you;
  • to contact you where necessary concerning our services;
  • to contact you in relation to applicable laws, regulatory requirements, government guidance and related;
  • to contact you in relation to health and safety (including, but not limited to track and trace, social distancing and related).

We also process your data where we have a justifiable reason for doing so— for example personalisation of our service, including processing data to make it easier and faster for you to place orders. We have listed these reasons below:

  • to improve the effectiveness and quality of service that our customers can expect from us in the future;
  • to tailor content and advertising which is most relevant to you;
  • to enable us to help you with any enquiries in the most efficient way possible and to provide a positive customer experience;
  • to contact you for your views and feedback on our services and to notify you if there are any important changes or developments to our services;
  • to send you information by post about our products, services and promotions (if you do not want to receive these, you can let us know by getting in touch (please see Contact Details));
  • to analyse your activity on our website/mobile applications so that we can administer, support, improve and develop our business and for statistical and analytical purposes and to help us to prevent fraud;
  • to enforce our contractual terms with you and any other agreement, and for the exercise or defence of legal claims and to protect the rights of ABC, our travel partners, or others (including to prevent fraud);
  • if you submit comments and feedback regarding our services, we may use such comments and feedback in any marketing or advertising materials; and

Where we rely on legitimate interest as a basis for processing your personal information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests. You can find out more information about these balancing tests by contacting us using the details above.

Where we are under a legal obligation to do so we may use your information to:

  • create a record of your booking;
  • comply with any legal obligation or regulatory requirement to which we are subject.
  1. Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

  1. Direct Marketing

Where you have given your consent or where we have a justifiable reason for doing so (and are permitted to do so by law) we will use your information to let you know about our other products and services that may be of interest to you.

  1. Information Retention

Information that we collect will be retained for as long as needed to fulfil the purposes outlined above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.

When determining the relevant retention periods, we will take into account factors including:

  • our contractual obligations and rights in relation to the information involved;
  • legal obligation(s) under applicable law to retain data for a certain period of time;
  • limitations under applicable law(s);
  • our legitimate interests where we have carried out balancing tests;
  • (potential) disputes; and
  • guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information where we no longer require your information for the purposes collected.

  1. Information Disclosure

We may share your information with third party service providers. The types of third party service providers whom we share your information with includes:

  • Payment providers: for the purposes of providing services to us, for example when they process information such as credit card payments for us, provide support services to you or carry out fraud checks for us;
  • IT service providers:including cloud, software, analytics, communications and data storage providers.
  • Suppliers: in order to provide products or services requested by you, we may share personal data with suppliers of your travel/hospitality/dining/event arrangements;
  • Customer support partners: who will help us to resolve any issues you may have with our services; and
  • Marketing and advertising partners: so that they can ensure that you see advertising which is more relevant to you and send you email and postal marketing on our behalf.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy when it is transferred to third parties.

If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors.

We may also share your information:

  • if we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation, regulatory requirement or guidance. This includes exchanging information with other companies and other organisations for the purposes of health and safety, fraud protection and prevention;
  • in order to enforce our contractual terms with you and any other agreement;
  • to protect the rights of ABC, travel/activity partners or others, including to prevent fraud; and
  • with such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police.

International transfers of data:

  • In some cases the personal data we collect from you might be processed outside the UK/European Economic Area (“EEA“). These countries may not have the same protections for your personal data as the EEA has. However, we are obliged to ensure that the personal data that is processed by us and our suppliers outside of the EEA is protected in the same ways as it would be if it was processed within the EEA. There are therefore certain safeguards in place when your data is processed outside of the EEA.
  • We ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
  • your personal data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • we use the EU approved Standard Contractual Clauses; and
  • where your personal data is transferred to third party providers based in the US, data may be transferred to them if they have self-certified under the Privacy Shield framework in relation to the type of data being transferred, which requires them to provide similar protection to personal data shared between the EU and the US.
  • Please contact us using the contact details above if you would like further information on the countries to which personal data may be transferred and the specific mechanism used by us when transferring your personal data out of the EEA.
  1. Security

We adopt robust technologies and policies to ensure the personal information we hold about you is suitably protected.

We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to our website and or mobile applications; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

  1. Your Rights

Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact us, using the contact details set out above. For additional information on your rights please contact your data protection authority and see below.

Right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy.

Right of access

You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please get in touch (please see Contact Details).

Right to rectification 

You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us (please see Contact Details).

Right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain of the information that we hold about you by contacting us (please see Contact Details).

Right to restrict processing

You have rights to ‘block’ or ‘suppress’ further use of your information. When processing is restricted, we can still store your information, but will not use it further.

Right to data portability

You have the right to obtain your personal information in an accessible and transferable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (please see Contact Details).

Right to lodge a complaint

You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.

Right to withdraw consent

If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (please see Contact Details). Withdrawing consent will not however make unlawful our use of your information prior to withdrawal.

Right to object to processing

You have the right to object to certain types of processing, including processing for direct marketing and profiling. You can object by changing your marketing preferences, disabling cookies or by getting in touch (please see Contact Details).

  1. Updates

This Privacy Policy replaces all previous versions. We may update at anytime so please check it regularly on our website for any updates. If the changes are significant, we will provide a prominent notice on our website including, if we believe it is appropriate, email notification of the changes.

This privacy policy was last updated: 9 September 2020.