Privacy policy

Privacy Policy

Overview

Thank you for choosing Virgin Experience Days!

This page provides the opportunity to understand how we collect, store and process your data – and to put your mind at ease with regards to the information you provide us.

Here at Virgin Experience Days Limited (“we”, “us”, “our”) we are committed to protecting your privacy and security online. You have control over the information we store about you and what types of information (if any) you would like to receive from us.

Please note, we may amend this Privacy Policy from time to time, so check back if you’d like to stay up to date, all changes will be posted here.

Where to find us:

Registered office address: Stamford House, Boston Drive, Bourne End, Buckinghamshire, SL8 5YS.

Our website: www.virginexperiencedays.co.uk

Data Protection Officer: Our Data Protection Officer is our Chief Technology Officer. If you have any queries relating to our use of your personal information, this privacy policy or any other related data protection questions, please contact us via the Subject Access Request form.

Last privacy policy update: May 2018

If you are dissatisfied with any aspect of our Privacy Policy, you may have legal rights and, where relevant, we have described these in this policy.

What personal data is collected?

To help provide you with, and improve our service, we may collect and process the following data about you:

Information you submit via web forms such as your first name and surname.
Records you submit during the process of purchasing an experience from us including your home address.
Data you submit during activities such as activation, exchange or extension of vouchers and submission of reviews, which will require you to submit your email address.
A record of your correspondence with us via phone, email or other means.

Details of your visits to our website including the following data sets; device information, location information, third party data (for marketing campaign management).

Please note we do not share your details with any third parties without your consent.

Cookies

What are cookies?

Cookies are tiny files which websites use in order to work properly and provide important visitor data to us. They can be placed on your computer when you visit a website and help to make your web experience quicker, easier and tailored to you.

Session cookies are those which expire upon the closing of the web browser and persistent cookies are those which remain in place after a session has ended.

Types of cookies

Essential cookies (ecommerce checkout and basket functionality, location targeting, device targeting).
Website information cookies (enables us to understand traffic and visitor engagement levels to improve the quality of the website).
Setting cookies (enables an improvement is usability by adapting font size, style and page layout).
Advertising cookies (improve the quality of advert targeting, ensuring you see what’s most relevant to you).

Disabling cookies

If you would like to disable cookies, please follow the links below which are attributed to key browsers.

Chrome
Internet Explorer
Firefox
Safari

User agreement

By continuing to use our site, you agree to the placement of cookies on your device. If you choose not to receive our cookies, we cannot guarantee that your experience will be as fulfilling as it would otherwise be.

Processing your personal data

We may process your personal data in a secure manner that meets European Privacy Laws. As a company we process under the concept of ‘legitimate interests’. Therefore, when you provide your personal details to us, we ensure that your data is processed for a distinct purpose whilst ensuring that your interests, rights and freedoms have been thoroughly considered. We will not use personal data for activities where our business interests are overridden by the impact on your privacy or other interests.

We will carefully process the personal information you have supplied to us to conduct and manage our business, to provide relevant marketing communications, fulfil our service commitments and provide the best possible customer service whilst delivering a secure experience.

If you are not happy about the manner in which we process your data, the ‘your rights’ section of this page provides details on how you can withdraw from processing.

We will not transfer your collected data to storage outside the European Economic Area (EEA) in compliance with requirements set by the General Data Protection Regulation.

By giving us your personal data to fulfil your order or to allow us to provide services to you, we will endeavour to keep your data secure. We pursue ongoing improvement in the methods used to transfer and store data, ensuring that we align with industry standards.

Personal data may be stored securely on third party platforms which are used for marketing or operational purposes.

Retaining data

When storing data, we aim to retain the data for no longer than is necessary for the purpose in which it was obtained, with the objective to ensure the highest level of data accuracy. Where identified as inaccurate, data is either rectified or destroyed in a secure manner.

Data retention periods may vary between operational activities, with the business providing consideration as to the length of time data is held for on a case by case basis.

Regarding storage, there are several ways in which your data may be stored:

Within cloud servers. When utilising platforms to fulfil our operational requirements, third party solutions may be used to store the data. As a company, we aim to utilise partners who have data centres within the European Economic Area (EEA).
Within physical servers. We maintain several physical servers which are securely located at our Head Office.
Hard copy, where hard copies of data are retained, they are kept in a secure and clean environment.

Data sharing

We avoid sharing your personal data with third parties for marketing purposes, unless you have provided explicit consent for us to do so.

We may disclose your information in the following cases:

To develop and create an improved customer experience. Often, this data is anonymised anyway.
For a supplier to fulfil your experience gift operationally.
We can disclose it if we have a legal obligation to do so, or to protect your or other people’s property, safety or rights.
We can exchange information with specific third parties to protect against fraud or credit risks.

Where data is transferred between systems, we ensure an encrypted connection is utilised. We are PCI (The Payment Card Industry Standard) compliant when taking payments via the web, with all payment partners meeting the highest level of compliance (Level 1). All of our associated websites maintain valid SSL certificates to allow secure connections from the web server to your browser, you will notice the padlock symbol is present within your search bar when browsing.

Your rights

In line with the General Data Protection Regulation, you have the following rights:

Subject access request – To see what information we hold on you, use our Subject Access Request form to complete the application.
Right to be forgotten – Once you know what personal information we hold on you, you can request us to delete the relevant information, use our Subject Access Request form to complete the application.
Right to object from us processing your data – You can object to processing from direct marketing communications using our unsubscribe form. For other types of processing, please complete our Subject Access Request form.
Right to correct your data – Once you have completed a Subject access request, if any of your personal data we hold isn’t accurate, let us know and we’ll get it updated for you.

We aim to comply with legislation and respond within thirty days of receiving personal data requests. These requests are handled by our Business Support department.

Third parties seeking access to an individual’s data should initially contact the individual regarding such requests.

Supervisory authority

We adhere to guidance from the ICO (Information Commissioner’s Office), they are the UK’s independent body that have been set up to uphold information rights. The ICO have stated that In line with the GDPR, details we provide to you about how we process personal data must be: