PRIVACY POLICY
Choffor Limited understands Data Privacy and the Security of Personal Data is a sensitive area and has become even more important with the new General Data Protection Regulation (GDPR) legislation.
This Policy has been updated to cover how Choffor Limited collects, uses, discloses, transfers and stores personal information, informing our clients of their rights over their Personal Data. This policy applies when our clients use our online services, either by web or through our mobile applications, by telephone or otherwise by using electronic means interacting with our websites, email or social media channels.
WHAT DATA DO WE COLLECT & PROCESS AND WHY?
Personal Data
Non-Personal Data
Choffor Limited additionally collects data that does not on its own make direct associations possible with users of our systems and services. This is considered ‘Non-Personal Data’; it is collected via our website cookies and includes the following:
Non-Personal Data is also used for internal purposes such as data analysis and research on improving our services.
How We Use Your Personal Data
We use the Personal Data we collect and process it, either because it is necessary for us to do so as part of the services we provide to you due to having entered into a contract with us or because we have a legitimate business reason for doing so.
Which Countries and Who Will Your Personal Data Be Sent to?
Choffor Limited’s data centres operate within the European Economic Area (EEA). However, your Personal Data is held on a combination of Choffor Limited’s EEA-based data-centres, the systems of the suppliers we use to provide our services and ultimately the providers of the services you select such as a tour, a chauffeur/taxi transfer service, etc.
Some of these third parties which may be based outside the EEA may not be subject to the same level of controls in relation to data protection as we have in the UK and the EEA. Therefore, as a first step, Choffor Limited ensures safeguards are set within the contractual clauses in an approved legal form or by having our suppliers sign up to an independent privacy scheme approved by regulators.
How Do We Choose Our Service Providers for You?
Legal and Governmental Authorities
When Choffor Limited is requested to provide Personal Data by law, legal process, litigation and/or requests from governmental authorities within or outside the clients’ country of residence, it will be obliged to comply and proceed with providing your Personal Data.
Protection of Personal Information & Security
Choffor Limited acknowledges that the Information Security and the protection of our clients’ Personal Data is an ongoing commitment and will continue to evolve in complexity, as do threats. As a result, Choffor Limited has taken significant technical steps to ensure we are compliant with the DPA (Data Protection Act) and GDPR frameworks through an extensive GDPR-readiness program, continuous work and investment throughout the 3 Ps (People, Platform, Process), in addition to being certified in PCI DSS and Information Security
Governance standards such as ISO 27001 and Cyber Essentials. Our Information-Security readiness is annually audited independently so as to ensure that we maintain a high level of commitment and quality across the 3 Ps (People, Process, Platform).
At a technical level, servers hosting the online booking services use SSL (Secure Sockets Layer) data encryption to help keep your data secure. Where possible, Personal Data entered is encoded before it is sent to Choffor Limited and our suppliers, protecting it as it is transferred over the Internet. However, it must be noted that the transmission of information via the Internet is not completely secure and while Choffor Limited will endeavour to ensure that any information entered into the Online Booking Services is secure, it does not guarantee the security of the data transmitted to or from such services.
There are a very large number of measures that Choffor Limited takes and continuously improves upon to further safeguard the security of your Personal Data. To name a few, examples include multiple internal and external penetration tests, mandatory annual Information Security training and testing for its staff, mandatory reading of Information Security Policies, the enforcing of Access Control policies, the utilisation of advanced network perimeter threat detection & prevention to guard the facilities which store client data.
How Long Do We Keep Your Personal Data?
Choffor Limited retains your Personal Data for the period necessary to fulfil your booked travel, transfer and tour arrangements except in cases when a longer retention period is required by law or other legal obligation. We will only hold the minimum necessary data to provide the services you have requested us to provide and we will do so for no longer than 12 months after the last booking has been completed.
Should we be operating with you through a client contract and that be terminated, your data will not be kept for longer than 12 months. A period of up to 12 months’ post-contract termination is acceptable to cater for bookings which are made for up to 12 months in advance.
WHAT ARE YOUR RIGHTS AS TO YOUR PERSONAL DATA?
Accessing It & Requesting A Copy
As entitled by the GDPR, as our clients, you have the right to request and receive a copy of your Personal Data in a user-friendly format.
Asking for It to Be Deleted – “Right to Be Forgotten”
You are also entitled to request the erasure of your personal data, exercising your “Right to be Forgotten”. It must be noted, however, that when travel is booked through an organisation (e.g. a Tour Operator) with which Choffor Limited has a contract, all such requests can be actioned only when approved by the client organisation which acts as the Data Controller.
Note that Choffor Limited has the option to refuse such requests if they impact its ability to provide the contracted services to the organisation which the traveller belongs to or if there is a legal requirement to maintain the data. In the event that either of these scenarios is enacted, Choffor Limited will work with the Data Controller towards resolution.
Withdrawing Your Consent
At any given point in time, you have the right to withdraw your consent for us to use your Personal Data when providing our services to you. As before, when a service is booked
through an organisation with which Choffor Limited has a contract, all such requests can be actioned only when approved by the client organisation which acts as the Data Controller.
How Can You Contact Us?
Any communications relating to data access requests or the withdrawal of your consent can be made in writing to:
Choffor Limited
20 Cromwell Road
Camberley Surrey
GU15 4HY
Alternatively, you may contact us by e-mail to wes.qureshi@choffor.com
Changes to This Policy
The Choffor Limited Privacy Policy is a live policy and adjusts to the changes in the ever-evolving frameworks governing privacy concerns. As such, our Privacy Policy will change from time to time. Client rights will not be affected without the client’s explicit consent. All Privacy Policy changes will be communicated to our clients using email communications. Our users have the right to request a copy of a previous version of our Privacy Policy.
Choffor Limited