How we use and protect your personal data.
Last updated: 5 May 2018
Who are we
Our Karma Group data protection officer for the purpose of the Data Protection Laws may be contacted at firstname.lastname@example.org. If you want your data to be deleted, please click here. If you have Any question, please do not hesitate to contact us www.karmagroup.com/contact-us.
Our Commitment and Obligations to you
We take the collection, usage and security of your personal data seriously.
We can only use your personal data under law if we have a good reason for doing so. The law provides examples of those reasons. These include:
- To perform or fulfil a contract we have with you; or
- If we have a legal duty; or
- If it is within our legitimate business interest; or
- If there is a public interest reason for doing so; or
- If you have given your consent.
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
Types of Personal Data We Collect About You
- Contact details of customers (e.g. name, email, address)
- Demographic data (e.g. family & lifestyle details)
- Financial data (e.g. contractual details including payment methods)
- Complaints information
- Technical Information (IP / Cookies)
- Location Data
- User login data
What Personal Data We Collect and Where From
You may give us information about you when filling in forms on our website www.karmagroup.com (“our site”) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you subscribe to our services, complete a survey, sign up to a newsletter, post material on our site, report a problem with our site, request further services. The information you give us may include your name, address, email address, phone number.
Information we collect about you.
With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), cookies and methods used to browse away the page and any phone number used to call our customer service number.
Information received from other sources.
- We may receive information from other sources, such as from other third party booking sites or partner sites for the purpose of providing fulfilment of your booking. The information received may include: names, address details, email, phone, nationality, accompanying traveller information, food and accommodation preference information, and payment information.
Automated decision making.
We do not use automated decision-making processes during our relationship with you. Decisions are always reviewed manually.
What do we use your personal information for?
|What we use your personal data for||What is the lawful reason||Business or Commercial Reason (Our Legitimate Interest)|
|Compliance with legal obligations||Compliance with laws and regulations||N/A.|
|Customer & visitor engagement/social media sharing||This is carried out where applicable with your consent; and when this is within our legitimate business interests to perform||We review data to ensure we provide customers with the best possible service|
|Communication with you||Perform the contract we have with you (or take steps needed at your request prior to entering into a contract with you)||N/A.|
|Improve marketing services||This is within our legitimate business interests to perform||We review data to ensure we provide customers with the best possible service|
|Providing and improving quality of services to customers||This is within our legitimate business interests to perform||We review data to ensure we provide customers with the best possible service|
|To analyse website use and improve services||This is within our legitimate business interests to perform||We carry this our to enhance our website services and ensure that it meets the best user experience to provide our customers with the best journey possible.|
|Marketing||With your consent||N/A.|
|Customer feedback & support||Perform the contract we have with you (or take steps needed at your request prior to entering into a contract with you)||N/A.|
|Payment for services||Perform the contract we have with you (or take steps needed at your request prior to entering into a contract with you)||N/A.|
|Accounting purposes||This is within our legitimate business interests to perform||We need to use your data for our every day accounting purposes|
|Customer/account management||This is within our legitimate business interests to perform||We need to use your data for the operation of our customer relationship management to provide services to you|
|Security of our technology infrastructure||This is within our legitimate business interests to perform||We need to keep our website and online environment secure.|
We may obtain information about your general internet usage by using cookie files stored on your computer or device (“cookies“). Cookies are text files containing small amounts of information which are downloaded to your computer or device when you visit a website. They help us to improve our site and to deliver a better and more personalised service.
We may use both “session” cookie and “persistent” cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
We will use the session cookies to: keep track of you whilst you navigate the website; keep track of your bookings; prevent fraud and increase website security; and other uses. We will use the persistent cookies to: enable our website to recognise you when you visit; keep track of your preferences in relation to your use of our website; and other uses.
You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/. You may disable cookies by changing the settings on your browser. However, if you do so, this will affect your enjoyment of our site and we will no longer be able to offer to you a personalised service.
E-mail marketing and newsletters
We may make suggestions and recommendations to you that we think may be of interest to you or members of your team / organisation. We will only contact you by electronic means (email) with information about services similar to those which you have shown an interest in.
We may also use your data, or permit selected third parties to use your data, to provide you with information about services which may be of interest to you and we or they may contact you about these by electronic means only if you have consented to this.
You have the right to ask us not to process your information for marketing purposes. You can exercise your right to prevent such processing by ticking the relevant boxes on the forms we use to collect your information, or you can opt out of receiving future marketing communications from us at any time by following the directions contained in the marketing email to unsubscribe. You can also exercise this right at any time by contacting us at email@example.com.
We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience.
How we share your personal data
We take your privacy very seriously and we’ll only share your information where:
- we need to for the purposes of providing you with products or services you have requested;
- we have a public or legal duty to do so e.g. to assist with detecting fraud and tax evasion, economic crime prevention, regulatory reporting, litigation or defending legal rights;
- we have a legitimate reason for doing so e.g. to manage risk, or assess your suitability for services; or
- we have asked you for your permission to share it, and you’ve agreed.
We may share with third parties, including:
- business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you;
- provided you have consented; marketing, market research, advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
- analytics and search engine providers that assist us in the improvement and optimisation of the website;
- any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries for the purposes set out above;
- in the event that we buy or sell any business or assets, including the sale of an individual website owned by us, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and
- if Karma or substantially all of its assets are acquired by a third party, in which case personal data held by it about its members and customers will be one of the transferred assets.
Sharing Aggregated or Anonymised Data:
Where we have made your information anonymous, we may share it this outside of Karma with partners such as research groups, universities, advertisers or connected sites. For example, we may share information publicly to show trends about the financial services market.
Where we store your personal data
Security of your personal data
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to our site; any transmission of your data is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our site may, from time to time, contain links to and from the websites of our member and associate member organisations, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How Long We Keep Your Information
We will retain your personal information for as long as you use our services and for a reasonable time thereafter. After you have terminated your use of our services, we will retain your personal information for up to 7 years and thereafter may store it in an aggregated and anonymised format.
Your rights (if you are located within the European Union):
- Access to information. The Data Protection Laws give you the right to access information held about you. Your right of access can be exercised in accordance with Data Protection Laws by contacting us at firstname.lastname@example.org.
- Consent. You may withdraw your consent to any processing of your personal data at any time by contacting email@example.com.
- Rectification. You have the right to rectify any personal data held about you that is inaccurate. Your right of rectification can be exercised by contacting us at firstname.lastname@example.org.
- Erasure. You may have the right to erasure of personal data held about you by contacting us at email@example.com.
- Complaints. In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at firstname.lastname@example.org and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection authority relevant to the country within which you reside.