This Policy includes privacy notices and explains when and why we collect Personal Data about the people who visit our website or other platforms such as, mobile applications, email, text messages, chatbots and social media accounts (“Platforms”), how we use such data, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes. We will notify you of any material changes on how we use your Personal Data prior to implementing them. Notification of any such material change will be made by email or prominent notice on our website. By using our Platforms, you’re agreeing to be bound by this Policy.
This Policy is produced in accordance with applicable data protection laws including European General Data Protection Regulation (EU 2016/679) (“GDPR”), the Data Protection Act 2018 and UK GDPR.
This Policy is provided in a layered format so you can click through to the specific areas set out below.
We are Icelolly Marketing Limited (icelolly.com, or we or us), a company incorporated and registered in England and Wales (company number 05655962), whose registered office is at 19 – 20 Park Row House, Park Row, Leeds LS1 5JF. We are committed to protecting and respecting your privacy.
The Company is a data controller of your Personal Data collected via the various platforms we use. We offer online travel-related services through our own website and mobile apps, as well as other online platforms such as partners’ websites and social media. The information you are about to read in this statement, generally applies to all of these platforms (which are referred to as “Platforms” in this notice).
In fact, this privacy statement applies to any kind of customer information we collect through all of the Platforms or by any other means connected to these platforms (such as when you contact our customer service team by email).
If you would like any more information or you have any comments or enquiries about our Policy or our processing of your Personal Data, please either write to us at Data Protection Manager, Icelolly Marketing Limited, 19-20 Park Row House, Park Row, Leeds LS1 5JF, or email us at [email protected].
When you first give us Personal Data through our Platforms, we will ask for your consent to contact you about our services, and those of our partners who provide services featured or included on our Websites or Platforms (“Partners”).
Where we rely on your consent as the legal basis to process your Personal Data for a particular purpose, we will not process your Personal Data for that purpose without your consent. We may process your personal data on various different legal bases (other than relying on your consent) and these are explained further below.
You can withdraw consent at any time for us to process your Personal Data to direct market to you by; (i) clicking UNSUBSCRIBE or other opt-out urls on any marketing email you receive from us (ii) clicking the unsubscribe link. https://www.icelolly.com/emailoffers/unsubscribe
You are entitled at any time to obtain information about all your Personal Data that we hold about you. We may request proof of your identity before providing this information.
If you would like access to the Personal Data that we hold about you, you can do this by emailing us at [email protected] (or writing to us at the address stated above under the heading Who Are We?)
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of your other data subject rights explained below). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We control the processing of Personal Data on our Platforms with the aim of keeping the Personal Data we hold about you accurate and up to date. If you tell us that we are holding any inaccurate Personal Data about you we will, subject to any statutory provisions, (especially those affecting our accounting, processing of claims and mandatory data retention which may prohibit deletion or anonymization), delete it or correct it promptly.
Please email us at [email protected] or write to us at the address above to correct or update your Personal Data.
You have various rights under data protection law, including:
If you want to request erasure of your Personal Data, object to the processing of your personal data, or request that we transfer a copy of your Personal Data to another party, please contact us at [email protected].
Further information on these rights and GDPR can be found at https://ico.org.uk.
Right to complain: You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate data subject requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
When you use or visit our Platforms, we collect information from you. Some of it may be Personal Data.
This information includes:
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. If you do send us such personal data for any reason, we will only use it with your explicit consent for the purposes specified in your request.
When you give us Personal Data, you are telling us that the information is true, accurate, complete and current. You are also telling us that you have the authorisation to provide it to us.
We collect your Personal Data:
Platform features may make use of your device attributes and settings that will allow us to determine your physical location. Such technologies may include IP address mapping, WiFi, GPS signals, cell tower positioning or other technologies.
We use your Personal Data to enhance and personalise your experience and provide you with offers and services that may be of interest to you.
These can be based on your Profile Data and Marketing and Communications Data. For example, we may help you find deals flying from your closest airport or send you messages that may be of interest to you based on your current location. We may also use your Personal Data to provide the services on our website to you and as outlined in the Table below.
icelolly.com does not have control over your device settings, but we recommend enabling location services on your device so that you can take advantage of the location-based features and functionality offered.
We have set out below, in a table format, a description of all the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please Contact us ([email protected]) if you need details about the specific legal basis we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of data
Contact you as follows:
a) To send alerts and notifications you have subscribed to, including to your mobile device;
Store information about your preferences and so allow us to customise our Platforms according to your individual interests;
Respond to a service request (via chat or other Platforms)
Provide you with, or facilitate the provision of, products and services you are looking for
Process data to understand the users of our Platforms and services, and improve our Platforms and services.
Take action to protect and prevent our tangible and intellectual property and to prevent damage to them.
Display more relevant advertising and recommendations or suppress advertising and content that you might find irrelevant.
Estimate our audience size and usage pattern;
To speed up your searches;
|To recognise you when you return to our Platforms.|
Note: this is without affecting our obligation to tell you about cookies where appropriate and to obtain your consent to use certain cookies.
To ensure network, information and system security, including testing and development of IT systems
a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, business reorganisation or group restructuring exercise)
To participate and comply with industry watch-lists and industry self-regulatory schemes
a) Necessary for our legitimate interests (to develop our products/services and grow our business, for running our business, provision of administration and IT services, network security)
To carry out corporate operations and due diligence (reporting of management information, operation of financial/risk/credit models, back office operation, managing third party service providers, corporate reorganisations, corporate or asset sales)
a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, business reorganisation or group restructuring exercise, investment or sale of business)
To report potential crimes to relevant authorities
a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)
To detect and prevent fraud and crime
a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)
Personal Data about our customers is an important part of our business and we shall only use your Personal Data for the above purposes and shall not keep such Personal Data longer than is necessary to fulfil these purposes.
We will not share your Personal Data with third parties unless we have a lawful basis for doing so, or as otherwise permitted or required by applicable data protection laws.
Partners: We may need to share your Personal Data with our travel Partners, for example, in order to facilitate your placing of an order for travel services with a travel partner, or to receive any feedback on their services.
Promotions/Competitions: We may share your Personal Data as otherwise described and notified to you at the time of collection. For example, if you provide your Personal Data to enter a competition, we may share your Personal Data with promotional or business partners for the purposes of entering such competition.
Sale or Reorganisations: In in the event of a sale of our business, or a reorganisation of our business, or as otherwise required by law or applicable regulator, we may transfer your Personal Data to third parties (as part of the information generally contained in business) but such transferred data would be subject to this Policy and will not be transferred unless the recipient can commit to keep your Personal Data secure and in accordance with applicable privacy laws.
Reviews: If you provide a review of your trip via our website or on a linked website, you will be required to authorise us to publish it on all our Platforms under the screen name you provided on our website or the linked website. You also authorise us to aggregate it with other reviews.
As required by law: We may disclose Personal Data if required by law, for example to law enforcement or other authorities. This includes court orders, subpoenas and orders arising from legal processes, and administrative or criminal investigations. We may also disclose your Personal Data if the disclosure is necessary for the prevention, detection or prosecution of criminal acts or to prevent other damage, or in response to a legal action or to enforce our rights and claims.
Service providers: We may share with service providers who acting as processors provide IT, hosting and system administration services.
Group companies: We may disclose your Personal Data to any member of our group of companies, which means any subsidiary or holding company of icelolly.com and a "subsidiary" includes a "subsidiary" and a "subsidiary undertaking" (each as defined in the Companies Act 2006) and a "holding company" includes a "holding company" and a "parent undertaking" (each as defined in the Companies Act 2006). We will do so under strict conditions of confidentiality.
Children: We do not knowingly collect Personal Data from minors (persons under the age of 18 years). If we become aware that a minor is attempting to submit Personal Data, we will remove this Personal Data from our records. If you are the parent/legal guardian of a minor who has given us Personal Data, please contact us immediately at [email protected] so we can delete it.
We may also share anonymous aggregated usage information with others.
Our servers and data centres are located in the UK and European Union (EU). However, we may need to transfer your Personal Data from inside the UK to the European Economic Area EEA and to staff operating outside the EEA who work for us or for one of our Partners. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. These countries may have different and/or less stringent privacy/data protection and data security rules than those of the UK and EU, but we will in any event ensure that any transfer of your Personal Data is carried out in accordance with applicable data protection law. We will take all steps to ensure that your data is treated securely and in accordance with this Policy.
If we need to transfer your Personal Data outside the EEA to a third party (for example, one of our travel Partners) or to one of our group companies, we will satisfy at least one of the following conditions:
If we need to transfer your Personal Data outside the EEA to another of our group companies, we may, as an alternative to the above three conditions, use Binding Corporate rules. For further details, see European Commission: Binding corporate rules.
We have a security program designed to keep the Personal Data stored in our systems protected from unauthorised access and misuse. Personal Data may only be accessed by persons within our organisation or Partners who are authorised to access personal data and to carry out the uses indicated in this Policy.
Unfortunately, the transmission of information via the internet is not completely secure. We will do our best to protect your Personal Data and will comply with applicable data protection laws when doing so, but we cannot guarantee the security of your data transmitted to our website and other Platforms via the internet; any transmission is at your own risk
Once we have received your Personal Data, we will use strict procedures and security features to try to prevent unauthorised access.
Please note that communications over the internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered – this is the nature of the internet. Subject to and with affecting our obligations under applicable data protection laws, we cannot accept responsibility for any unauthorised access or loss of Personal Data through no fault of ours that is beyond our reasonable control. You are encouraged not to include any sensitive or Special Category data in your communications with us.
We will only keep your Personal Data for the purposes outlined in this Policy and when these purposes have expired, or are no longer relevant, or you have withdrawn your consent for us to use your Personal Data (and we have no other lawful basis to use such data), we will delete such data. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In the meantime, we will continue to use your Personal Data to contact you in the manner set out in this Policy or otherwise for the purposes set out in this Policy. If you have any questions regarding data retention periods please contact us at [email protected]
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data required by law or required to provide a service you have requested, and you fail to provide that data when requested, we may not be able to provide you with the services requested.
When we provide services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your computer’s hard drive that records how you’ve used a website. These are called ‘cookies’. These cookies are used to improve services for you. So, for example, the next time you visit that website, it can tailor your options based on the information it has stored about your last visit.
A web browser cookie is a small text file that websites place on your computer’s or mobile device’s web browser.
These cookies store information about the content you view and interact with, in order to remember your preferences and settings or analyse how you use online services.
Cookies are divided into ‘first party’ and ‘third party’:
Cookies can be either ‘session cookies’ or ‘permanent cookies’:
Further, cookies fall into one of the following categories:
Web browser cookies may store information such as your IP address or another identifier, your browser type, and information about the content you view and interact with on digital services. By storing this information, web browser cookies can remember your preferences and settings for online services and analyse how you use them.
To learn more about the cookies we use on our website go to www.icelolly.com/cookies
Your browser may give you the ability to control cookies. How to do this varies from browser to browser. You should view the Help menu on the browser you use for further information. By turning off cookies, you might not be able to use some of the products or services on our Platforms.
We or our third-party service providers may set and use analytics cookies. These allow us to gather aggregated or segmented information about the types of visitors that access our Platforms and the pages and advertisements that they view.
We also use data collection cookies to enhance your use of our website. As stated above, these cookies are used to help us understand how you engage with the icelolly.com website so we can tailor content based on your interests.
You may not be able to use any of the above features if you set your device to block cookies, delete cookies or opt out of online behavioural advertising.
We may analyse your Personal Data to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. This can involve profiling, that is, automated processing of your Personal Data to determine and evaluate your preferences. You have a right to object to such profiling where we process on the basis of legitimate interest.
We, our advertisers and our business partners, use several common tracking tools (such as pixels and tracking URLs) on the Platforms and those platforms of our advertisers and partners. For example, our email messages may contain pixels and tracking URLs to determine whether you have opened a certain message or accessed a certain link.
We use these tools in order to:
We may also use Google Analytics to collect demographic and interest data about you (such as age, gender, and interests), which enables us to improve our platforms and deliver content pertinent to the visitor.
Our website and Platforms may contain links to other websites run by other organisations. This Policy applies only to our website and Platforms‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites and platforms even if you access them using links from our Platforms.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.