The Sovereign Cruise Club Limited is a limited company incorporated in England & Wales with registration number 3600781 and whose registered office address is at 14 Diddenham Court, Grazeley, Reading, RG7 1JQ.
Sovereign Cruise Club take data protection very seriously, we are aware of our obligations under the General Data Protection Regulation and will look at minimisation opportunities and ways to limit the processing of your data where feasible. Confidentiality is very important and at the very core of our business.
What information do we obtain from you?
Essentially, we will require such information as is necessary to enable us to provide you with the booking service you require. The information we process will include personal data and although unlikely to include special category personal data (also known as sensitive personal data), such data may be necessary given the nature of the booking service you seek for your party and yourself and it may be held by us in a paper and/or electronic format.
The information we process that is provided by you direct may include the following as well as any other information type that we expressly ask you to enter and submit to us:
Processing (handling/holding) your personal data
The legal basis for processing your personal data depends on the circumstances. The basis may be:
What do we do with your information?
Our use of your personal data is subject to your instructions, the General Data Protection Regulation (GDPR) , the Data Protection Act, 2018 and any replacement data protection legislation in force in the United Kingdom and our duty of confidentiality owed to you as our customer.
We use the information you provide primarily to provide travel and related services to you including:
If you no longer want to receive information from us
If you no longer wish us to communicate with you please write to The Sovereign Cruise Club with the subject heading “No more contact” at The Sovereign Cruise Club, 14 Diddenham Court, Grazeley, Reading, RG7 1JQ or by emailing us at email@example.com.
Transfer and sharing of your information
Under no circumstances will we sell your personal data to a third party. We will, however, share certain personal data with other service providers as part of the booking service being provided to you, e.g. cruise operators, associated providers and agents.
However, in the event of our insolvency we, or any appointed insolvency practitioner, may disclose your personal information to the Civil Aviation Authority (CAA), and/or the Association of British Travel Agents (ABTA) so that they can assess the status of your booking and advise you on the appropriate course of action under any scheme of financial protection. The CAA‘s General Privacy Notice is at https://www.caa.co.uk/Our-work/About-us/General-privacy-notice/ ABTA’s Privacy Notice is at https://www.abta.com/privacy-notice.
We will not transfer your personal data abroad without your explicit prior consent unless the booking you make, or require us to make for you, is based outside the UK. However, please be aware that countries outside the EEA will have different laws relating to the protection of personal data to that provided in the UK under the GDPR.
We will always ensure that we have appropriate contractual terms in place with all our Suppliers that comply with the General Data Protection Regulation.
We have robust information security management systems in place to ensure the safety, security, integrity and confidentiality of your personal data; we use a variety of data security measures intended to ensure the safety, security, integrity and confidentiality of your personal data. We are familiar with and shall at all times comply with the GDPR and other applicable data protection legislation.
Our IT systems, containing customer data, have rigorously audited technical controls to ensure the confidentiality and integrity of all information is maintained at all times. As a requisite of our Plastic Card Industry (PCI) Compliance, Vulnerability Testing and Penetration Testing is performed regularly by independent Third Parties.
A multiple firewall configuration is maintained in order to protect the network. The outer firewall protects the network from internet attack and the inner firewall segments the network for all devices within PCI scope.
Our website is hosted off site and therefore is not connected to our Network.
Direct client access to our database is not permitted. Client booking information and customer data recall is via an external web server using strict security control.
We maintain full security against virus and Malware attack using the latest Norton 360 Anti-Virus software deployed across our network.
Cookies are text files placed on your computer to collect standard internet and visitor behaviour information. The information is used to track visitor use of our website and for statistics compiled on website activity. For more information visit: www.allaboutcookies.org .
Data Protection Regulator, Complaints Handling and Modern Slavery Statement
You may complain about our conduct in relation to data protection matters to the regulator of data protection in the UK, The Information Commissioner, by writing to them at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephoning them on 0303 123 1113.
We do record our telephone calls to ensure service levels, for training and to aid resolving complaints/disputes. Credit card details are not recorded for PCI compliancy.
Contacts, Subject Access Requests, Correction or Deletion of Data
If you wish to see our records of any correspondence, you have sent to us please contact www.sovereigncruise.co.uk directly on the phone number above. A small charge may be required for this.
Revisions to this Statement
We may change this Statement from time-to-time.
Issued: August 2020