Effective Date: April 1, 2019
Your use of our Sites, including any orders you place, is governed by our Terms and Conditions. Please take the time to read these, as they include important terms which apply to you.
Table of Contents:
- Who We Are and How to Contact Us
- What Information Do We Collect and Why Do We Collect It?
- How We Collect Your Personal Data
- Failure to Provide Your Data
- Direct Marketing: Your Consent Matters
- Who Do We Share Your Information With?
- International Data Transfers
- Your Rights
- Security of Your Data
- Retention of Your Data
- Other Websites
- Location Based Services
- Children Under 13
WHO WE ARE AND HOW TO CONTACT US
The data controller who is responsible for your personal data when you use our Sites is Big Bus Tours LTD, with registered office address at 110 Buckingham Palace Road, SW1W 9SA London. If you have any questions about how we treat your personal data, please contact us via one of the following channels:
- Email Address: firstname.lastname@example.org
- Postal Address: Data protection officer, Big Bus Tours Head Office, 4th Floor, 110 Buckingham Palace Road, SW1W 9SA, London, United Kingdom
WHAT INFORMATION DO WE COLLECT AND WHY DO WE COLLECT IT?
When you visit our Sites, we may collect:
Information such as your computer’s IP address, browser type and version and information collected from cookies when you are browsing our Sites. We collect this information to help us understand how to improve our services and our Sites and to ensure that the content on our Sites is presented to you in an effective manner. We have a legitimate business interest for this processing: to ensure that our Site is operating effectively and to provide you with a great service.
Personal information such as your name, address, telephone number and email address as provided by you when you register to Big Bus Tours or place an order with us and enter your payment card details. We collect this information for the following reasons:
- To process your order. We engage third party processors to process the payment of your order online. We collect this information to perform a contract with you and, if you fail to give us the information that we request, then you may not be able to place an order via our Sites. If you consent to them doing so, the third-party processors may store your payment card details to speed up your transaction time.
- For product and Site development (for example, call backs for feedback on new products), for statistical, market research, testing and survey purposes, to notify you about changes to our Sites or our services. We have a legitimate business interest to collect this information: to continue to improve the services we provide to you;
- To ensure you receive marketing and offers that are of most interest and relevance to you. To help us achieve this, we may share your data with third party analytics companies to understand your purchasing options. We have a legitimate business interest to collect this information: to get to know your preferences and to personalise our offers to you to improve the marketing you receive from us. However, we will only send you marketing communications where you have given your consent.
- To comply with our legal obligations under applicable laws and regulations.
HOW WE COLLECT YOUR PERSONAL DATA
Information you directly provide to us:
We collect the data that you enter on the Site when you purchase one of our services or otherwise interact with us, or that you provide in any other manner such as by post, phone, email or otherwise. This includes personal data when you purchase a service or product, request marketing to be sent to you, or give us feedback or contact us.
Information that we automatically collect from you:
We automatically collect certain types of data when you visit and interact with us on the Sites. This data may include IP address, location, email address, the browser you used to visit our Sites, and the time and duration of your connection. The data we receive may depend on your browser or device settings.
Cookies and similar technologies:
FAILURE TO PROVIDE YOUR DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with one of our sightseeing tours).
DIRECT MARKETING: YOUR CONSENT MATTERS
What have I consented to?
We will not send direct marketing messages to you unless you have opted-in to our marketing. If you have opted-in, this means that we may contact you via your chosen media (such as SMS, email or mail):
- with offers about our products;
- to deliver relevant, tailored advertising to you with information about products or services we feel may interest you.
Can I withdraw consent?
You are always free to opt-in to our marketing and you are always free to opt-out at any time; this will never have an impact on our commitment to provide you with great service and a quality product. Once you have unsubscribed from marketing messages, we will stop sending you marketing messages as soon as possible but, in any event, will do so no later than 30 days from your request to withdraw consent.
How long do you keep my consent?
For all contacts already opted in to our communications, we will assume you want us to keep in touch until the point you have voluntarily opted out.
Updating your consent
Our database will automatically remove you from our communications once unsubscribed. If you previously opted in from a historical purchase (as permitted under applicable law), but on your next purchase choose not to receive marketing communication from us on some or all media, then we will update our/your records accordingly.
WHO DO WE SHARE YOUR INFORMATION WITH?
We may share your personal information with a purchaser or a potential purchaser of our business. We have a legitimate business interest to do this: to assist with the sale or potential sale of our business.
We may also share use your information with third party payment processors, data matching, data analysis or direct marketing companies to perform services on our behalf (such as, for example, Google, Facebook and Instagram) who will only be permitted to use your personal information for the purpose of performing that particular function strictly in accordance with our instructions and not for any other purpose. Please see “What information do we collect and why do we collect it?” above for further information.
In some circumstances, we may have to disclose your personal information as permitted or required by law, because a court or the police or other legal or regulatory enforcement agency has asked us for it.
We may also share your personal information with our professional advisers such as our lawyers, bankers, auditors and insurers who assist us in running our business and to comply with our legal obligations.
We require all third parties that we work with to treat your personal information as confidential and to fully comply with all applicable data protection and consumer legislation.
INTERNATIONAL DATA TRANSFERS
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") pursuant to:
- a) the model clauses published by the EEA pursuant to Commission Decision C(2010) 593 Standard Contractual Clauses (Processors) and a copy of the model contract clauses is available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en ;
- (b) an adequacy decision of the European Commission, meaning that the country to which we transfer your personal data has been deemed to provide the same level of protection to your personal data as it has in the EEA and a current list of such countries is available here https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en; or
- (c) where we transfer or store personal data in the United States, the EU-US Privacy Shield framework, which is explained here: https://www.privacyshield.gov/welcome.
You may request a copy of the suitable mechanisms we have in place by contacting us.
Subject to any exceptions and derogations under applicable law, you have the rights to:
- where we rely on your consent (e.g. for our direct marketing), withdraw your consent to the processing of your personal data;
- access your personal data;
- receive (or transfer to a third party) your personal data in a structured, commonly used and machine-readable format;
- request us to rectify any inaccurate personal data that we may hold;
- request us to erase personal data where: (a) it is no longer necessary for us to hold such personal data; (b) you no longer consent to the processing of your personal data; (c) your personal data has been unlawfully processed; or (d) we are otherwise required by law to erase your personal data;
- make a complaint with the national data protection authority in the country where you are based. We would, however, appreciate the chance to deal with your concerns before you approach your supervisory authority so please contact us using the contact information provided above.
You may contact us at any time using the contact details supplied above to exercise any of the rights which apply to you. We may need to request specific information from you to help us confirm your identity and to exercise any of your rights.
SECURITY OF YOUR DATA
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. All information you provide to us is stored on our secure servers. To prevent unauthorised access, use, alteration or disclosure, we have put in place suitable physical, electronic and corporate policies to safeguard and secure the information we receive.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our Sites and any transmission is at your own risk. If we become aware of any accidental or unauthorised access to or use of your personal data, we will notify you of such data breach in accordance with applicable laws.
RETENTION OF YOUR DATA
We will store the data we collect about you for as long as is necessary for the purpose(s) for which we collected it and in accordance with applicable law.
When assessing the data retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements. If we are required to retain your data under applicable laws, then we will implement appropriate measures to safeguard its confidentiality.
LOCATION BASED SERVICES
We use Location Based Services (“LBS”) to understand traffic patterns in venues (our fleet of buses). The location data we capture helps us to understand venues (our fleet of buses), such as how long customers are on board for, and how they generally move around tour routes. This helps us enhance operational efficiency and improve user experience.
CHILDREN UNDER 13
The Sites are not intended for use by children or minors under the age of thirteen years without the permission of a parent or a guardian. If you believe that a child has submitted personal data on or through our Sites without the consent and supervision of a parent or a guardian, please contact us via the information provided above so we can take appropriate action.