Privacy Policy and privacy notice
Last updated: August 2021This Policy includes privacy notices and explains when and why we collect Personal Data about the people who visit our website or other platforms such as, mobile applications, email, text messages, chatbots and social media accounts (“Platforms”), how we use such data, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes. We will notify you of any material changes on how we use your Personal Data prior to implementing them. Notification of any such material change will be made by email or prominent notice on our website. By using our Platforms, you’re agreeing to be bound by this Policy.
This Policy is produced in accordance with applicable data protection laws including European General Data Protection Regulation (EU 2016/679) (“GDPR”), the Data Protection Act 2018 and UK GDPR.
This Policy is provided in a layered format so you can click through to the specific areas set out below.
Your choices and right to withdraw consent.
How we collect your Personal Data
Why we collect your Personal Data
Purposes for which we use your Personal Data
How we share your Personal Data
How we store and protect your Personal Data
How long we keep your Personal Data
Cookies, tracking tools and profiling
Who are we?
We are Icelolly Marketing Limited (icelolly.com, or we or us), a company incorporated and registered in England and Wales (company number 05655962), whose registered office is at 19 – 20 Park Row House, Park Row, Leeds LS1 5JF. We are committed to protecting and respecting your privacy.
The Company is a data controller of your Personal Data collected via the various platforms we use. We offer online travel-related services through our own website and mobile apps, as well as other online platforms such as partners’ websites and social media. The information you are about to read in this statement, generally applies to all of these platforms (which are referred to as “Platforms” in this notice).
In fact, this privacy statement applies to any kind of customer information we collect through all of the Platforms or by any other means connected to these platforms (such as when you contact our customer service team by email).
Contact Us
If you would like any more information or you have any comments or enquiries about our Policy or our processing of your Personal Data, please either write to us at Data Protection Manager, Icelolly Marketing Limited, 19-20 Park Row House, Park Row, Leeds LS1 5JF, or email us at [email protected].
Your choices and right to withdraw consent
When you first give us Personal Data through our Platforms, we will ask for your consent to contact you about our services, and those of our partners who provide services featured or included on our Websites or Platforms (“Partners”).
Where we rely on your consent as the legal basis to process your Personal Data for a particular purpose, we will not process your Personal Data for that purpose without your consent. We may process your personal data on various different legal bases (other than relying on your consent) and these are explained further below.
You can withdraw consent at any time for us to process your Personal Data to direct market to you by; (i) clicking UNSUBSCRIBE or other opt-out urls on any marketing email you receive from us (ii) clicking the unsubscribe link. https://www.icelolly.com/emailoffers/unsubscribe
Your Rights
Subject Access Requests
You are entitled at any time to obtain information about all your Personal Data that we hold about you. We may request proof of your identity before providing this information.
If you would like access to the Personal Data that we hold about you, you can do this by emailing us at [email protected] (or writing to us at the address stated above under the heading Who Are We?)
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of your other data subject rights explained below). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Updating your Personal Data
We control the processing of Personal Data on our Platforms with the aim of keeping the Personal Data we hold about you accurate and up to date. If you tell us that we are holding any inaccurate Personal Data about you we will, subject to any statutory provisions, (especially those affecting our accounting, processing of claims and mandatory data retention which may prohibit deletion or anonymization), delete it or correct it promptly.
Please email us at [email protected] or write to us at the address above to correct or update your Personal Data.
Your other rights under GDPR
You have various rights under data protection law, including:
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your Personal Data to another party.
If you want to request erasure of your Personal Data, object to the processing of your personal data, or request that we transfer a copy of your Personal Data to another party, please contact us at [email protected].
Further information on these rights and GDPR can be found at https://ico.org.uk.
Right to complain: You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Time to respond
We try to respond to all legitimate data subject requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
The types of Personal Data we collect
When you use or visit our Platforms, we collect information from you. Some of it may be Personal Data.
This information includes:
- Profile Data includes your interests, preferences, feedback and survey responses, support requests and responses, and (if you choose to send us your email address) your email address.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your holiday preferences.
- Identity Data includes email address and partial post code.
- Contact Data includes email address and telephone numbers.
- Technical Data includes internet protocol (IP) address, access times, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, settings and platform and other technology on the devices you use to access this website screen resolution, referring URL; (If you are using a mobile device) data that identifies your device, your settings and your location.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. If you do send us such personal data for any reason, we will only use it with your explicit consent for the purposes specified in your request.
When you give us Personal Data, you are telling us that the information is true, accurate, complete and current. You are also telling us that you have the authorisation to provide it to us.
How we collect your Personal Data
We collect your Personal Data:
- Directly from you - For example, when you provide us with your Personal Data when you register with or use our Platforms or use our online chat products or other services or when you otherwise interact with us.
- Passively - For example, we collect Technical Data and information about you over time when you visit our Platforms. We also use automated technologies and tracking tools like cookies, analytical tools and beacons. Please see our cookie policy below for details.
- From third parties - This can include when you log in using a third-party platform, such as Facebook, analytics providers such as Google, advertising networks such as DoubleClick and ClickTripz and search information providers such as ClickTripz. In the case of ClickTripz who provide personalized shopping experiences and advertising and use online identifiers to identify visitors, you can review their privacy policy at https://www.clicktripz.com/privacy_policy.php.
Platform features may make use of your device attributes and settings that will allow us to determine your physical location. Such technologies may include IP address mapping, WiFi, GPS signals, cell tower positioning or other technologies.
Why we collect your Personal Data
We use your Personal Data to enhance and personalise your experience and provide you with offers and services that may be of interest to you.
These can be based on your Profile Data and Marketing and Communications Data. For example, we may help you find deals flying from your closest airport or send you messages that may be of interest to you based on your current location. We may also use your Personal Data to provide the services on our website to you and as outlined in the Table below.
icelolly.com does not have control over your device settings, but we recommend enabling location services on your device so that you can take advantage of the location-based features and functionality offered.
Purposes for which we use your Personal Data
We have set out below, in a table format, a description of all the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please Contact us ([email protected]) if you need details about the specific legal basis we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity | Type of data | Lawful Basis | ||||||
Contact you as follows: a) To send alerts and notifications you have subscribed to, including to your mobile device; |
| Consent | ||||||
Store information about your preferences and so allow us to customise our Platforms according to your individual interests; |
| Legitimate interest | ||||||
Respond to a service request (via chat or other Platforms) |
| Legitimate interest | ||||||
Provide you with, or facilitate the provision of, products and services you are looking for |
| Legitimate interest | ||||||
Process data to understand the users of our Platforms and services, and improve our Platforms and services. |
| Legitimate interest | ||||||
Take action to protect and prevent our tangible and intellectual property and to prevent damage to them. |
| Legitimate interest | ||||||
Display more relevant advertising and recommendations or suppress advertising and content that you might find irrelevant. |
| Legitimate interest | ||||||
Estimate our audience size and usage pattern; |
| Legitimate interest | ||||||
To speed up your searches; |
| Legitimate interest | ||||||
| To recognise you when you return to our Platforms. |
| Legitimate interest Note: this is without affecting our obligation to tell you about cookies where appropriate and to obtain your consent to use certain cookies. | ||||||
To ensure network, information and system security, including testing and development of IT systems |
| a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, business reorganisation or group restructuring exercise) | ||||||
To participate and comply with industry watch-lists and industry self-regulatory schemes |
| a) Necessary for our legitimate interests (to develop our products/services and grow our business, for running our business, provision of administration and IT services, network security) | ||||||
To carry out corporate operations and due diligence (reporting of management information, operation of financial/risk/credit models, back office operation, managing third party service providers, corporate reorganisations, corporate or asset sales) |
| a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, business reorganisation or group restructuring exercise, investment or sale of business) | ||||||
To report potential crimes to relevant authorities |
| a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security) | ||||||
To detect and prevent fraud and crime |
| a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security) |
Personal Data about our customers is an important part of our business and we shall only use your Personal Data for the above purposes and shall not keep such Personal Data longer than is necessary to fulfil these purposes.
How we share your Personal Data
We will not share your Personal Data with third parties unless we have a lawful basis for doing so, or as otherwise permitted or required by applicable data protection laws.
Partners: We may need to share your Personal Data with our travel Partners, for example, in order to facilitate your placing of an order for travel services with a travel partner, or to receive any feedback on their services.
Promotions/Competitions: We may share your Personal Data as otherwise described and notified to you at the time of collection. For example, if you provide your Personal Data to enter a competition, we may share your Personal Data with promotional or business partners for the purposes of entering such competition.
Sale or Reorganisations: In in the event of a sale of our business, or a reorganisation of our business, or as otherwise required by law or applicable regulator, we may transfer your Personal Data to third parties (as part of the information generally contained in business) but such transferred data would be subject to this Policy and will not be transferred unless the recipient can commit to keep your Personal Data secure and in accordance with applicable privacy laws.
Reviews: If you provide a review of your trip via our website or on a linked website, you will be required to authorise us to publish it on all our Platforms under the screen name you provided on our website or the linked website. You also authorise us to aggregate it with other reviews.
As required by law: We may disclose Personal Data if required by law, for example to law enforcement or other authorities. This includes court orders, subpoenas and orders arising from legal processes, and administrative or criminal investigations. We may also disclose your Personal Data if the disclosure is necessary for the prevention, detection or prosecution of criminal acts or to prevent other damage, or in response to a legal action or to enforce our rights and claims.
Service providers: We may share with service providers who acting as processors provide IT, hosting and system administration services.
Group companies: We may disclose your Personal Data to any member of our group of companies, which means any subsidiary or holding company of icelolly.com and a "subsidiary" includes a "subsidiary" and a "subsidiary undertaking" (each as defined in the Companies Act 2006) and a "holding company" includes a "holding company" and a "parent undertaking" (each as defined in the Companies Act 2006). We will do so under strict conditions of confidentiality.
Children: We do not knowingly collect Personal Data from minors (persons under the age of 18 years). If we become aware that a minor is attempting to submit Personal Data, we will remove this Personal Data from our records. If you are the parent/legal guardian of a minor who has given us Personal Data, please contact us immediately at [email protected] so we can delete it.
We may also share anonymous aggregated usage information with others.
How we store and protect your Personal Data
Our servers and data centres are located in the UK and European Union (EU). However, we may need to transfer your Personal Data from inside the UK to the European Economic Area EEA and to staff operating outside the EEA who work for us or for one of our Partners. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. These countries may have different and/or less stringent privacy/data protection and data security rules than those of the UK and EU, but we will in any event ensure that any transfer of your Personal Data is carried out in accordance with applicable data protection law. We will take all steps to ensure that your data is treated securely and in accordance with this Policy.
If we need to transfer your Personal Data outside the EEA to a third party (for example, one of our travel Partners) or to one of our group companies, we will satisfy at least one of the following conditions:
- The third country outside the EEA is the subject of a determination of adequacy by the ICO or European Commission (as appropriate); or
- use specific contracts (between us and the recipient organisation) approved by the ICO (or European Commission as appropriate) which give personal data the same protection it has in the UK (and the EEA where appropriate). For further details, see European Commission: Model contracts for the transfer of personal data to third countries; or
- obtain your explicit consent to the transfer of your Personal Data prior to the transfer after making you aware of the risks involved in such transfers;
- only transfer if necessary pursuant to a contract between the data controller and you (or pre-contractual measures at your request);
If we need to transfer your Personal Data outside the EEA to another of our group companies, we may, as an alternative to the above three conditions, use Binding Corporate rules. For further details, see European Commission: Binding corporate rules.
We have a security program designed to keep the Personal Data stored in our systems protected from unauthorised access and misuse. Personal Data may only be accessed by persons within our organisation or Partners who are authorised to access personal data and to carry out the uses indicated in this Policy.
Unfortunately, the transmission of information via the internet is not completely secure. We will do our best to protect your Personal Data and will comply with applicable data protection laws when doing so, but we cannot guarantee the security of your data transmitted to our website and other Platforms via the internet; any transmission is at your own risk
Once we have received your Personal Data, we will use strict procedures and security features to try to prevent unauthorised access.
Internet
Please note that communications over the internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered – this is the nature of the internet. Subject to and with affecting our obligations under applicable data protection laws, we cannot accept responsibility for any unauthorised access or loss of Personal Data through no fault of ours that is beyond our reasonable control. You are encouraged not to include any sensitive or Special Category data in your communications with us.
How long we keep your Personal Data
We will only keep your Personal Data for the purposes outlined in this Policy and when these purposes have expired, or are no longer relevant, or you have withdrawn your consent for us to use your Personal Data (and we have no other lawful basis to use such data), we will delete such data. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In the meantime, we will continue to use your Personal Data to contact you in the manner set out in this Policy or otherwise for the purposes set out in this Policy. If you have any questions regarding data retention periods please contact us at [email protected]
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data required by law or required to provide a service you have requested, and you fail to provide that data when requested, we may not be able to provide you with the services requested.
Cookies, tracking tools and profiling
Cookies
When we provide services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your computer’s hard drive that records how you’ve used a website. These are called ‘cookies’. These cookies are used to improve services for you. So, for example, the next time you visit that website, it can tailor your options based on the information it has stored about your last visit.
A web browser cookie is a small text file that websites place on your computer’s or mobile device’s web browser.
These cookies store information about the content you view and interact with, in order to remember your preferences and settings or analyse how you use online services.
Cookies are divided into ‘first party’ and ‘third party’:
- First party cookies are the cookies served by the owner of the domain – in our case that’s icelolly.com. Any cookie we place ourselves is a ‘first party cookie’.
- Third party cookies are cookies placed on our domains by trusted partners that we’ve chosen to allow to do so. These can be social media partners, advertising partners, security providers and more.
Cookies can be either ‘session cookies’ or ‘permanent cookies’:
- Session cookies only exist until you close your browser, ending what is called your ‘session’. They are then deleted.
- Permanent cookies have a range of different lifespans and stay on your device after the browser is closed. On our Platforms, we try to only serve permanent cookies (or allow permanent cookies to be served by third parties) that have a limited lifespan. However, for security reasons, or in other exceptional circumstances, we might sometimes need to give a cookie a longer lifespan.
Further, cookies fall into one of the following categories:
- Strictly Necessary means cookies that are essential for the provision of the site and any requested services, but do not perform any additional or secondary function.
- Performance Cookies means cookies that provide statistical information on site usage, i.e. web analytics.
- Functionality Cookies means cookies that allow the provision of enhanced functionality and personalization, such as videos and live chat. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these functions may not work properly.
- Targeting/Advertising Cookies means cookies that are used to create profiles or personalize content. Third parties often set them and these cookies present the highest privacy risks to visitors.
Web browser cookies may store information such as your IP address or another identifier, your browser type, and information about the content you view and interact with on digital services. By storing this information, web browser cookies can remember your preferences and settings for online services and analyse how you use them.
To learn more about cookies, see www.allaboutcookies.org or www.google.com/policies/technologies/cookies/
To learn more about the cookies we use on our website go to www.icelolly.com/cookies
Your browser may give you the ability to control cookies. How to do this varies from browser to browser. You should view the Help menu on the browser you use for further information. By turning off cookies, you might not be able to use some of the products or services on our Platforms.
We or our third-party service providers may set and use analytics cookies. These allow us to gather aggregated or segmented information about the types of visitors that access our Platforms and the pages and advertisements that they view.
We also use data collection cookies to enhance your use of our website. As stated above, these cookies are used to help us understand how you engage with the icelolly.com website so we can tailor content based on your interests.
You may not be able to use any of the above features if you set your device to block cookies, delete cookies or opt out of online behavioural advertising.
Please note that our advertisers or suppliers accessed through links displayed on our website may also use cookies, over which we have no control.
Profiling
We may analyse your Personal Data to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. This can involve profiling, that is, automated processing of your Personal Data to determine and evaluate your preferences. You have a right to object to such profiling where we process on the basis of legitimate interest.
Tracking tools
We, our advertisers and our business partners, use several common tracking tools (such as pixels and tracking URLs) on the Platforms and those platforms of our advertisers and partners. For example, our email messages may contain pixels and tracking URLs to determine whether you have opened a certain message or accessed a certain link.
We use these tools in order to:
- Track new visitors to our Platforms;
- Help us recognise your browser as a previous visitor. This includes saving and remembering any preferences that may have been set while your browser was visiting our Platforms, such as language;
- Work with online advertising companies to display targeted advertising on our Platforms and third-party platforms that you visit. This targeting may be based on information you submit on our Platforms or third-party platforms. This targeting may also be based on your activities or behaviours on our Platforms or those of third parties;
- Help improve our website offering and for capacity planning purposes. In particular, We, our advertisers and our business partners may use tracking tools such as web beacons. Web beacons are placed in the code of a web page or an email newsletter for the purpose of determining who has seen and engaged with the promotion or announcement and therefore its value to the customer and whether re-engagement is appropriate;
We may also use Google Analytics to collect demographic and interest data about you (such as age, gender, and interests), which enables us to improve our platforms and deliver content pertinent to the visitor.
Third-party websites
Our website and Platforms may contain links to other websites run by other organisations. This Policy applies only to our website and Platforms‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites and platforms even if you access them using links from our Platforms.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.