
Introduction

The General Data Protection Regulation (GDPR), enacted in May 2018, addresses the complexity of data protection laws in Europe and adapts to our modern digital lives. This regulation emphasises collective responsibility for information security practices and behaviours. Essentially, it reminds us that the data we handle is valuable, and we should treat it with the same care as our personal information.

Our Responsibilities

The Handmade Holiday Company acts responsibly with the data we manage. Here are the key actions we will undertake:

  • Think before leaving information unattended: Always secure documents and devices.

  • Think before taking information out of the office: Ensure data is protected when taken offsite.

  • Think before leaving PC logged on: Log out or lock your computer when not in use.

  • Think before you print: Consider the necessity and security of printed documents.

  • Think before discussing company data outside of the office: Be mindful of confidential conversations.

  • Dispose of information carefully: Shred or securely delete sensitive data.

  • Check the email address before pressing send: Verify recipients before sending emails.

  • Check the attachments before pressing send: Ensure correct and secure attachments.

  • Only keep data for as long as it is required: Follow data retention policies.

  • Check it is stored securely: Use secure methods for storing data.

By fulfilling these responsibilities, we minimise the risks associated with information and security breaches, thereby avoiding:

  • Accidental or deliberate data loss or exposure.

  • Penalties and judgments imposed by regulatory bodies.

  • Damage to our reputation resulting from a breach.

  • Disruption to daily operations and business performance.

Most incidents occur due to distractions or errors. It is crucial to remain vigilant and attentive.

Key Responsibilities

  1. Protect Customer Data: Ensure customers' information is kept safe and secure, including names, contact details, and other personal data.

  2. Get Permission: Obtain clear permission from individuals before collecting or using their data, ensuring they understand how their information will be used.

  3. Use Data Wisely: Use customer data only for the purposes stated. For example, if an email address is provided for booking updates, do not use it for marketing unless explicit consent is given.

  4. Keep Records: Maintain records of what data is held, the reasons for holding it, and how it is used, demonstrating compliance with GDPR.

  5. Respond to Requests: Address customer requests to access or delete their data promptly, typically within one month.

  6. Protect Against Data Breaches: Implement measures to prevent data breaches. If a breach occurs, report it to the authorities and inform affected customers.

  7. Train Our Staff: Ensure all employees are knowledgeable about GDPR and trained in handling customer data responsibly.

  8. Stay Updated: Keep informed about GDPR rules and any changes that may impact the business.

Conclusion

In simple terms, GDPR is about being respectful and responsible with people's personal information, obtaining their permission, and keeping that information safe. Adhering to these rules is beneficial for our customers and essential for our business.

By following this policy, The Handmade Holiday Company demonstrates its commitment to protecting personal data and upholding the highest standards of data privacy and security.

GDPR Policy