Welcome to the privacy centre of Esprit Holidays here you can find details on how we sensitively handle the personal information you provide when you interact with us via the website, sales and customer service team or in other ways. We appreciate there is a lot of information contained here, but we wish you to be fully informed of your rights and hope that we can answer any questions you have. Esprit Holidays is a data controller. We are a company registered in England (no. 350786) registered address; Nelson House, 55 Victoria Road, Farnborough, Hampshire, GU14 7PA. Esprit Holidays is part of the larger Hotelplan UK Group which is a collection of niche tour operators in the UK including Inghams, Esprit Ski, Santa’s Lapland, Explore Worldwide and Inntravel. When we state “we”, “us”, or “our” in this privacy statement, we are referring to “Esprit Holidays”. Please note that the information given here equally applies if someone else makes arrangements on your behalf and provides us with your details. If you handle the arrangements for other travellers, please ensure that they are aware of the information contained within this Privacy Centre.
Esprit Holidays take your privacy extremely seriously and we are committed to doing everything we can to protect any personal information provided to us when enquiring about or booking a holiday or other travel service with Esprit Holidays, visiting our website or through other means. This statement describes what, why and how we collect and use your personal information, how we protect it and how you can contact.
Given the complexity of data protection, we have assembled some Frequently Asked Questions which may address questions you have in connection with the use of personal data and your privacy.
We have strived to use plain and simple language wherever possible but we recognise that some jargon is inevitably used when dealing with data protection and privacy. In this section, we aim to provide simple definitions of some of the more commonly used terminology in connection with privacy and the processing of personal data.
Subject access request
Should you wish to raise a question or concern over how your personal data has been processed, or wish to correct an inaccuracy, you have the right to request further information. Full contact details can be found in the “Contact us” section of our Privacy Statement, however, you can email email@example.com to raise such queries, which we are obliged to respond to within one month, subject to satisfactorily confirming your identity.
Privacy Statement Summary
We have summarised below the key themes of Esprit Holidays privacy statement with a brief
synopsis. For full details, please click on each section to take you to by the relevant symbol;
Privacy Statement explained
Esprit Holidays understands and respects the importance of your privacy. We are committed to
safeguarding your personal information and this statement outlines our commitment to you;
- we will be transparent about the information we collect and what we will do with it;
- we will use the information you give us only for the purposes described in our Privacy
- we will use the information to help understand your needs and provide more relevant offers;
if you tell us to cease marketing messages, we will stop sending them (albeit we will continue to
send important information relating to a product or service you have purchased to keep you
informed about your booking and travel itinerary);
- we will put in place measures to protect your information and keep it secure;
- we will respect your data protection rights and aim to give you control over your own
We have appointed a Data Privacy Manager (firstname.lastname@example.org) who is responsible
for responding to questions you may have. The Hotelplan UK Group has also appointed a Data
Protection Officer (DPO@hotelplan.co.uk) who is a point of escalation should you feel your request
has not be dealt with satisfactorily by the Data Privacy Manager. If you feel your data has been
incorrectly handled, or you are unhappy with our response to any requests you have made, you have
the right to make a complaint to the Information Commissioner’s Office (ICO). You can contact them
on 0303 123 1113 or go online to www.ico.org.uk/concerns.
Information we collect from you
We may collect information about you when you, or someone acting on your behalf, contact(s) us by
phone, email, post or otherwise, and when you correspond(s) with us via our website and online
forms. Please note that calls may be recorded for training and quality control purposes. Information
that you provide us with can take many forms, including;
- When booking holiday arrangements, we will ask you to provide information such as;
your name, gender, date of birth, contact details (postal address, email address and
telephone number) and marketing preferences;
- your preferred rooming arrangements and other special requests (which may include
Special Categories of personal data, see below);
- the name and telephone number of an emergency contact person (whom we will only
contact in urgent circumstances while you are away);
- your travel insurance details;
- where necessary, we may also request your passport details and other information directly required to provide your holiday arrangements;
- when you call us or correspond with us about your booking, we may record the call and/or keep
information on why you contacted us, and the advice we gave you;
- when you make a payment to us, we will receive information from you including details of your
payment card or your bank account (this information is processed using a third party payment
services provider and is not stored by us);
- on your return from holiday we e-mail or post a satisfaction survey to you. This gives us specific
feedback on any issue you may have experienced, and statistical data we can amalgamate in
order to monitor the quality of our holidays;
- when you visit us at a public event, such as trade show or exhibition or participate in one of our
surveys, competitions or prize draws, we may ask for information, such as your name, contact
details, interests and marketing preferences;
- when you use our online services, we may receive content that you choose to upload such as
reviews, comments, photos, forum posts or details of your interests and marketing preferences;
- you may also provide us with written or photographic content for us to load on to our website,
including reviews and articles.
Information we may collect from other sources
We may also collect information from publicly available sources and third parties, including:
- from a Travel Agent acting on your behalf in the sale of a travel arrangement to you, and sharing
some information about your purchase with us;
- information about you from other Hotelplan UK Group companies that you interact with;
- payment information from our payment services provider including debit/credit card numbers,
bank account and other details in order to issue refunds;
- information relating to your use of any of our social network applications, pages or plugins.
Information we may collect when you use our website
Our websites provide us with information about your use, including:
- details of the content that you view and interact with during a browsing session;
- technical information such as, but not limited to, service, product or server logs, IP address, time
and location, domain, device and application settings, errors and hardware activity etc;
- interests and preferences that you specify during the curation of your holiday arrangements;
- email/chat communications you have with us may be monitored and logged.
Aggregated information derived from your personal data
We collect, use and share aggregated data such as statistical and demographic data for analytical
purposes. Whilst derived from your personal data, it is not considered personal data as this data
does not directly or indirectly reveal your identity.
Special categories of personal data
We may collect, use and share the following special categories of personal data about you only
where it is strictly necessary in order to deliver the travel arrangements you have purchased (for
example, to assist with visa applications or ensure appropriate food for those with serious/life
- dietary requirements which may disclose health matters or your religious or philosophical
- health, including information about any disability or medical condition which may affect the
chosen holiday arrangements.
If you fail to provide personal information
If you fail to provide personal information
Should you fail to provide data required either by law, or necessary to provide your chosen travel
arrangements, we will not be able to provide the services you have booked or are attempting to
book. This may result in Esprit Holidays being unable to process your booking and be forced to
cancel the booking. In this case, we will treat this as a ‘cancellation by you’ in accordance with the
relevant Booking Terms & Conditions and notify you accordingly.
We ask that you please take care when submitting information to us, in particular when completing
free text fields or uploading documents and other materials. Some of our services are automated
and we may not recognise that you have accidentally provided us with incorrect or sensitive
How Esprit Holidays uses the information it collects
We may use the information we collect for a wide range of purposes to ensure we give you the best
possible customer experience and ensure the appropriate performance of the contract, including;
To share your data with third party service providers used in the delivery of your purchased
holiday arrangements. These providers will be named on your holiday confirmation and/or in
your holiday documentation, and include;
- accommodation and transport providers;
- local ground partners and agents, where we use them;
- equipment hire operations, including our cycling partners and ski hire providers;
- guides, tutors and local attractions where booked on your behalf.
- to provide you with information on our products and services, and also to deal with your
requests and enquiries regarding holiday arrangements;
- to contact you if we need more information or if there are changes to your travel arrangements;
- provide customer care and other after sales services;
- for staff training and quality assurance purposes;
- ask for your opinions on our products and services (via ourselves or through a third party agent);
- conduct prize draws, contests and other promotional offers;
- consider employing you if you send us your details in response to our recruitment advertising or
if you approach us with a speculative employment enquiry.
We may use your information to provide you with brochures, newsletters and other communications if you have provided your prior consent or we are permitted under an identified and assessed legitimate interest.
Personalised and targeted content, recommendations and advertisements
We may use the information we collect to personalise and more effectively target our services, content, recommendations, adverts and communications. For example, you may see an advertisement for a holiday that you have recently viewed on one of our websites when browsing at a later stage.
We may use your information to create anonymous, aggregated statistics about the use of our websites, products, services and loyalty programs, which we may share with third parties and/or make available to the public.
We may use your information to develop and improve new and existing products and services,
recommendations, advertisements and other communications and learn more about our customers’
holiday preferences in general.
Publish your reviews, comments and content
Where you upload or provide us with product reviews, comments or content to our websites that are publicly visible, we may link to, publish or publicise these materials elsewhere including in our own advertisements.
Combining the information we collect
We may link or combine the information that we collect from the different sources outlined above
(including information received from other Hotelplan UK Group companies) via a unique identifier,
such as a cookie or email address. We may do this to provide a more seamless customer support
whenever you contact us and to provide you with better, personalised services, content, marketing
Sharing information about you
We will not use information about you in ways that are not explained in this Privacy Statement. We
may share information about you in the following circumstances:
- Legal and business purposes
to disclose to organisations who act as data processors and perform business functions on our
behalf. Such business functions include marketing analysis and assessment of customer
preferences, payment processing, e-mail newsletter delivery and brochure delivery services;
- to share your data with third party service providers used in the delivery of your purchased
- to government bodies and law enforcement agencies to prevent fraud, to comply with the law
and to meet a reasonable request from such bodies;
- to third parties (including professional advisors) to enforce or defend the legal rights of Esprit
Holidays or the terms and conditions of any Esprit Holidays product or service.
We prepare anonymous, aggregate or generic data (including “generic” statistics) for a number of
purposes. As we consider that you cannot reasonably be identified from this information, we may
share it with trusted third parties such as our partners, advertisers, industry bodies, the media etc.
Sharing of information by you
Some of our online services allow you to upload and share messages, reviews, photos, video and
other content and links with others. We will obtain consent if we publish this information on our
websites, marketing collateral or social media profiles. You should not expect any information that you make publicly available to others via our online services to be kept private or confidential and you should always exercise discretion when using such services.
International transfers of your information
We may need to transfer your data to third parties based outside the EEA and who may process,
share and store your personal data in order to fulfil the holiday arrangements you have booked with
us. By submitting your personal data, you are acknowledging this transferring, storing and
For all other transfers of data that are unrelated to the provision of holiday arrangements to you,
whenever your personal data is transferred outside the EEA, we ensure a similar degree of
protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an
adequate level of protection for personal data by the European Commission;
- where we use certain service providers, we may use specific contracts approved by the
European Commission which give personal data the same protection it has in Europe;
- where we use providers based in the US, we may transfer data to them if they are part of the
Privacy Shield which requires them to provide similar protection to personal data shared
between the Europe and the US
Brochures and other printed materials
We sell our holidays directly to customers and so sending out brochures and other marketing
communications by post from time-to-time is very important to the way we do business.
We use data we have collected from bookings, brochure requests and other forms of engagement to
decide what marketing information our customers may like to receive, and we have identified and
assessed this as our Legitimate Interest.
We do however provide an opportunity to opt-out of this direct marketing during the booking or
enquiry process and in subsequent communications. You may contact us at any time to opt-out of
this direct marketing, full contact details can be found in the “Contact us” section of our Privacy
Statement. We have found over the years that the majority of people welcome these
communications and, those who do not, are happy to let us know so we can ensure no more are
When you communicate with us, we may give you the opportunity to subscribe to our weekly email
newsletter. Once subscribed, you can choose to unsubscribe at any time:
- to unsubscribe from an email sent to you, follow the ‘unsubscribe’ link and/or instructions
placed (typically) at the bottom of the email;
- this method will only unsubscribe specifically for the e-newsletter or other communication
received. Should you receive other marketing such as brochure mailings, you will need to optout separately by contacting us to change your marketing preferences.
You can contact us using the details in the “Contact us” section below in order to change your
marketing preferences at any time.
Please note that despite opting out of marketing communications, you will still receive service
communications where necessary, for example, to confirm your booking or to provide you with an
update on its status.
If you ask us to stop sending marketing communications, we will retain your personal information
for the purposes of indicating that you do not want to receive marketing communications. You may
continue to receive postal communications for up to 4 weeks and emails for up to 5 days after your
requested change while our systems are fully updated.
What is our legal basis for using your personal information?
We will only process your personal information where we have a legal basis to do so. The legal basis
will depend on the reason or reasons we collected and need to use your information. Under EU and
UK data protection laws in almost all cases the legal basis will be:
- because we need to use your information to process your booking, fulfil your travel
arrangements and otherwise perform the contract we have with you;
- because there is a Legitimate Interest to use your personal information to operate and improve
our business as a tour operator and travel provider (a Legitimate Interest assessment is
performed prior to making this determination);
- because we need to use your personal information to comply with a legal obligation;
- because you have consented to us using your information.
How long do we keep personal information
We will keep your personal information for only as long as needed to fulfil the purposes described in
this statement. For example, where you book a holiday with us, we will keep the information related
to your booking, so we can fulfil the specific travel arrangements you have made and after that, we
will keep the information for a period which enables us to handle or respond to any complaints,
queries or concerns relating to the booking and to fulfil our obligations to our third party suppliers
who provided your holiday arrangements. The information may also be retained so that we can
continue to improve your experience with us while you continue to engage with and purchase from
us and to ensure that you receive any loyalty rewards that you may be eligible for.
We will actively review the information we hold and delete it securely, or in some cases anonymise
it, when there is no longer a legal requirement, business need or customer interest for it to be
By law we have to keep basic information about our customers for legal and tax purposes (including
identity, contact, financial and transaction data) for up to 7 years after they cease being customers.
Security of your information
We take a number of steps to protect your information from unauthorised access, use or alteration
and unlawful destruction, including where appropriate:
- we are PCI compliant when processing your payments;
- we put in place physical, electronic, and procedural safeguards in line with industry standards tolimit access to the information we collect about you;
- we monitor our system for possible vulnerabilities and attacks to identify ways to further
strengthen our security.
Cookies and web beacons
Please note that in order for us to provide you with the optimum service, we use ‘Cookies’ on our
website. Cookies are small text files sent to your computer when you access our site. The cookies
used on our site are anonymous and contain no personal information (such as name and address) or
card details, but do identify your computer so that you can navigate our site more easily and our
website can remember your preferences. For more information regarding deleting and controlling
Access to your information and your rights
For a copy of the personal information that we store about you in our customer databases, please
contact us using the details given in the “Contact us” section below. You will be asked to provide
some proof of identification so that we can verify that it is you making the request. This is in addition to your legal rights including;
- the right to access a copy of your personal information;
- the right to request the deletion or updating of any inaccurate personal data;
- and the right to object, in certain circumstances, to our processing of your personal data for
If you are concerned that we have not complied with your legal rights or applicable privacy laws, you
may contact the Information Commissioner’s Office (www.ico.gov.uk) which is the regulator
responsible for data protection in the United Kingdom, where Esprit Holidays is located.
Alternatively, if you are located outside of the United Kingdom, please contact your local data
Links to other sites
Our website may contain links to other websites that are not operated by Esprit Holidays. While we
try to link to sites that share our high standards and respect for privacy, we are not responsible for
the content, security or privacy practices of those websites. You should view the privacy and cookie
policies displayed on those websites to find out how your personal information may be used.
It is important that the personal data we hold about you is accurate and current. Please keep us
informed if any of the details you provide to us should change, during the course of your relationship
with us. If you need further assistance or would like to make a comment, you can contact us in a number of
1. By mail to Data Privacy Manager, Nelson House, 55 Victoria Road, Farnborough,
Hampshire, GU14 7PA, England.
2. By telephone on 01483 791 054
3. By email on email@example.com
The appointed Data Protection Officer (DPO) for the Hotelplan UK Group can also be contacted in
the following ways;
1. By mail to Data Protection Officer, Nelson House, 55 Victoria Road, Farnborough,
Hampshire, GU14 7PA, England.
2. By email on DPO@hotelplan.co.uk
This Privacy Statement version was last updated on the 25th May 2018.
If you have any specific questions about privacy, you may find the answer in our Frequently Asked
What is privacy all about?
Privacy is the discipline of handling personal information in a strictly controlled manner, to meet the
- to be transparent about any personal information that is collected and what it will be used
- to protect the information from accidental or malicious loss, damage, unlawful processing or
- for legal compliance.
Why should I care about privacy?
Your personal information is extremely important and there are a number of threats associated with
the inappropriate disclosure and/or use of your information, including: identity theft, fraud or SPAM.
According to the UK Fraud Prevention Service (CIFAS), nearly two thirds of all fraud is the direct
result of account takeovers, impersonation and the misuse of personal details. To reduce the risks,
you must treat your personal information with great care and only disclose it if you feel confident
that it will be handled appropriately.
Is my personal information safe with Esprit Holidays?
While the safety of your personal information can never be 100% guaranteed, we take privacy
extremely seriously and adopt many measures to minimise the risks, including:
- we use industry standard technologies to protect our IT systems from accidental or
intentional (malicious) mis-use;
- we provide privacy training to our staff, to ensure that they understand their responsibilities
when handling your personal information, and the correct processes to follow;
- we perform risk assessments and privacy impact assessments when starting a new project
and when hiring a 3rd party to process personal information on our behalf.
What can I do to protect my personal information?
Don't automatically trust every website or email which asks you to provide your personal
information. Take time to check that the request is valid, and that the personal information
requested is absolutely necessary for the services that you are looking to use.
Why has Esprit Holidays created a privacy centre?
This privacy centre aims to provide one place to find all the information you need about how we
handle your personal information. There are a few key objectives:
- transparency, to make it clear what personal information we collect and how we use it, what
we do to protect it, and how you can contact us;
- ease of use, to make it easy for you to find the information that you are looking for.
How can I stop Esprit Holidays from sending me promotions and offers?
You have the right at any time to ask us not to process your personal data for marketing purposes.
You can exercise your right to prevent such processing by ticking/un-ticking certain boxes on the
forms we use to collect your data. You can also exercise the right at any time by sending an
unsubscribe request to firstname.lastname@example.org who can change your marketing
While we try our best to use plain and simple language, we recognise that there will be some jargon.
This section aims to provide simple definitions for some of the common privacy terminology;
The legislation with which any personal information processing must comply. In this case, the
applicable law is England and Wales.
These are small pieces of data that are placed on your device’s browser (e.g. PC) when you access a
website. Cookies are used for a variety of purposes, including enabling features on a website,
helping us to understand which parts of our websites are the most popular, where website visitors
are going, and how much time they spend there.
Data aggregation is any process in which information is gathered and expressed in a summary form,
for purposes such as statistical analysis. A common aggregation purpose is to get more information
about particular groups based on specific variables such as age, profession, or income.
A data controller is a person in an organisation that determines how and why personal data is to be
“processed” (this includes using, storing and deleting the data). The data controller is responsible for
this personal data, and for ensuring that processing of the data fully satisfies the requirements of the
A data processor is an organisation that has been contracted to process personal data on behalf of a
data controller. Responsibility for the data remains with the data controller, but data processors
have contractual obligations to ensure that the processing activities are performed to meet the
requirements of the data controller.
Data Protection Act 1998
The Data Protection Act 1998 (DPA 1998) is a UK law that defines the ways in which information or
data related to an identified or identifiable person, such as name, age, telephone number, e-mail
and mailing address ("Personal Data") may be legally used and handled.
Encryption, such as Secure Sockets Layer (SSL) encryption, is a system for protecting data, used when
collecting or transferring sensitive data, such as credit card details or other personal information.
Encryption is designed to make the data unreadable by anyone but the intended recipients.
General Data Protection Regulation (GDPR)
The data protection law in the UK changed on 25 May 2018 to align with the rest of the EU. The
GDPR is a regulation in EU law on data protection and privacy for all individuals within the European
Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give
control to citizens and residents over their personal data and to simplify the regulatory environment
for international business by unifying the regulation within the EU.
Hotelplan UK Group companies
Hotelplan is a large European travel group with headquarters in Switzerland, owned by Migros, the
leading Swiss co-operative retailer. Hotelplan (U.K. Group) Ltd. Is the parent company of our award winning UK family of brands, which includes Inghams, Ski Total, Esprit, Santa’s Lapland - all based in Farnborough, Hampshire. Inntravel, based in Whitwell, York. Explore Worldwide, based in Farnborough, Hampshire.
Personal Information is any information about or relating to a uniquely identifiable individual, and
information that can be used to identify a specific person
- attributes of an already identified person
- information or attributes that alone may not identify an individual but which can be tied
together with other information in Esprit Holidays or a Third Party’s possession, or public
information, to identify a person
Examples include name, address, phone number, email address, national insurance number, credit
card number, driver’s license number, passport number or other government issued ID number,
bank account number, race, physical traits, hobbies, usage patterns, family members, income,
department and gender of employee when a department may only have one employee of a
Personal Information Management
Personal Information Management is the set of processes and controls used to ensure that personal
information is handled appropriately, to meet our internal and legal requirements.
Privacy statement is a legal document that discloses how a company gathers, uses, discloses and
manages the personal information provided by an individual (such as a customer, partner, employee
or potential employee). While this is a legal document, a privacy statement aims to provide
transparency about these information handling practices, so should ideally be written in clear and
If you would like to unsubscribe from an email sent to you, follow the 'unsubscribe' link and/or
instructions placed (typically) at the bottom of the mail. If you use more than one email address to
shop or contact us, you need to unsubscribe from each email account that you use.
Web beacons, also known as single pixel or clear gif technology, or action tags, tells us which visitors
clicked on key elements (such as links or graphics) on a Esprit Holidays webpage or email.
These are non-Hotelplan companies contracted to perform functions on our behalf, such as fulfilling
bookings, delivering contractual obligations such as airlines, coach companies, hotels etc., sending
postal mail and emails, sending text messages (SMS), providing marketing assistance, etc.