Privacy Policy
Big Bus Tours Limited (“BBT”, “we”, “us” or “our”) is committed to protecting the privacy and security of your personal information.
What is the Purpose of this Policy?
This policy (together with our Partner Booking Platform Terms & Conditions) describes how we collect and use personal information about you in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (when enacted) and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (Data Protection Legislation).
Please read the following carefully to understand our practices regarding how we handle information we collect from you or that you provide to us or which we otherwise learn about you from our relationships with you as a registered user of our Partner Booking Platform either as an Account Holder or an additional Authorised Seller of one of our Partners.
Nothing in this Privacy Policy prejudices any rights that you may have in relation to your personal data under Data Protection Legislation.
Who are We?
Big Bus Tours Limited is the operator of the Partner Booking Platform. We are registered in the United Kingdom under company number 07524891 and our registered office is at 110 Buckingham Palace Road, London, SW1W 9SA.
Our contact details are:
Address: 110 Buckingham Palace Road, London, SW1W 9SA
Email: [email protected]
For the purpose of the Data Protection Legislation, we are the “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy policy.
How We Collect Your Personal Information
We obtain information about you when you use, including when you apply to use, our Partner Booking Platform, for example:
(i) when you become a registered user as either an Account Holder or an additional Authorised Seller on behalf of a Partner;
(ii) when you communicate with us or submit information to us via our Partner Booking Platform;
(iii) when you otherwise communicate with us or submit information to us in relation to the operation of a Partner’s account; and
(iv) details of your use of our Partner Booking Platform including time, traffic data, communication data, location data, your IP address and your browser type and operating system.
We may also collect and aggregate information about your computer for system administration and website analytics. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Cookies
We may obtain information about your general internet usage by placing certain bits of information called "cookies" in your web browser software or the hard drive of your computer.
Some of the cookies we use are essential for our Partner Booking Platform to operate.
For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.
The Information We Hold About You
The personal information we collect might include:
1. Identity Data (includes first name, last name, user name or similar identifier).
2. Contact Data (includes address, email address and telephone numbers).
3. Financial Data includes (includes bank account, payment card details, and credit history).
4. Transaction Data (includes details about payments to and from you and other details of products and services you have purchased from or through us).
5. Technical Data (includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on devices used to access the Partner Booking Platform).
6. Profile Data (includes user name and password, purchases or orders made by you).
7. Usage Data (includes information about how you use the Partner Booking Platform and our Services).
The Purposes for which we will use your Personal Information
We will use your information as described in this Privacy Policy and as permitted by applicable laws, including in circumstances where it is necessary: (i) to supply products or services requested by or for you; (ii) for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract; (iii) for compliance with a legal obligation to which we are a subject; (iv) to pursue our legitimate interests; or (v) where you have given us your express consent.
We may use your information in order to:
1. ensure that content from our Partner Booking Platform is presented in the most effective manner for you and for your computer;
2. carry out our obligations arising from our agreement with the Partner for which you are the Account Holder or an Authorised Seller;
3. provide you with information, products or services that you request from us in your capacity as the Account Holder or an Authorised Seller for a Partner;
4. notify you about changes to the Partner Booking Platform or to our products and services or to notify you of other offers, features, updates or details relating to the Partner Booking Platform or to our products and services that might be of interest to you;
5. for our internal business record keeping, tax, accounting and audit purposes;
6. to carry out identity and credit checks in relation to the operation of the sale agent’s account; and
7. in connection with any legal and regulatory matters that we need to deal with.
We will use your information to notify you about changes to or other offers, features, updates or details relating to the Partner Booking Platform or our products and services as described above by email and other online communications, which we believe you will find of interest based on your previous purchases of similar products or services from us, but each communication will include a simple mechanism for you to opt-out of receiving future communications of that nature should you wish to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances (for example when we collect statistical data about our users' browsing actions and patterns) we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
If you fail to provide certain information when requested, we may not be able to perform any contract we have entered into with you, or we may be prevented from complying with our legal obligations.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Lawful Basis for Use of Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data on one of the following lawful bases:
1. Where we need to perform the contract we are about to enter into or have entered into with you.
2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
3. Where we need to comply with a legal or regulatory obligation.
Third Parties
We will share your personal information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so.
Where permitted by the provisions of applicable law, we may share such information from time to time with the following third parties:
• Our other group companies including the employees, directors and managers of those companies who have a need to access your personal information in carrying out their responsibilities. This includes any BBT group company which has contracted with you or with the Partner by whom you are employed or engaged and any BBT group company which supplies any products or services to you or to the Partner by whom you are employed or engaged; and
• Any agent, contractor, supplier, vendor, or third party service providers who provides administration, logistics or other services to us which are relevant to the services which we provide to you or who otherwise assist us in conducting our business, such as printers, storage facilities, communications software, data hosting, call centre operations, and email management services.
All our third party service providers are required to take appropriate security measures to protect your personal information. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for our specified purposes and in accordance with our instructions, which are all as described in this privacy policy.
We may share your personal information with other third parties, for example in the context of a possible sale, restructuring or financing of or investment in our company or any of our businesses. In this event we will take appropriate measures to ensure that the security of your personal data continues to be assured in accordance with this Privacy Policy and the Data Protection Legislation. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
We may also need to share your personal information with a regulator or to otherwise comply with the law. We may disclose your personal information in order to enforce or apply our Partner Booking Platform Terms of Use and other agreements with you or to protect our rights or property or those of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction.
Transferring information outside of the EEA
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") pursuant to: (a) the model clauses published by the European pursuant to Commission Decision C(2010) 593 Standard Contractual Clauses (Processors); or (b) where we transfer or store personal data in the United States, the US Privacy Shield Regime. It may also be processed by selected third parties operating outside the EEA engaged in, for example, the processing of your payment details. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our Sites and any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. All information you provide to us is stored on our secure servers. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and corporate policies to safeguard and secure the information we receive.
Security
We have appropriate security measures in place to protect against the accidental loss, misuse, access and/or alteration of the information you provide. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Further, when you provide financial information to us, such as credit card details, your data is automatically processed and stored on our secure server. Our secure server software encrypts the information you input before it is sent to us to protect your data against unauthorised access.
Rights of Access, Correction, Erasure, and Restriction
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed of any changes to your personal information of which we need to be made aware.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
• Request access to your personal information. This enables you to receive details of the personal information we hold about you and to check that we are processing it lawfully.
• Request the correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of the processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another person.
If you want to exercise any of the above rights, please contact us using the contact details in the ‘Who Are We?’ section of this privacy policy.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if any request made by you is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to Withdraw Consent
If there are any circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing.
You can exercise this option at any time by contacting us using the contact details in the ‘Who Are We?’ section of this privacy policy. Once we have received your notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes for which you originally agreed, unless we have another legitimate basis for doing so in law.
Changes to this Policy
Any changes we may make to our privacy policy in the future will be posted on this webpage. This privacy policy replaces all previous privacy policies. This privacy policy was last updated on 12th November 2018.
Questions and Complaints Regarding this Policy
Should you have any questions regarding this Privacy Policy, you can contact us using the contact details in the ‘Who Are We?’ section of this privacy policy.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.