Kirker Holidays Data Protection Privacy Policy

What is the purpose of this privacy policy?

As with all well-run travel businesses, Kirker Holidays has a ‘privacy policy’ (a summary of which is set out below), and all members of the Kirker team take your privacy seriously at all times.  In order to make your booking and provide your holiday, deal with booking enquiries, provide requested information and marketing material  and to enable us to maintain the high levels of service our clients require, we need to collect some personal data and process this.  The information below describes in more detail how and why we obtain and process data which can identify you.  If you have any queries about any aspect of Kirker’s policy, please do not hesitate to contact Ted Wake (Director of Marketing) or Patrick Millar (Marketing Manager) on 020 7593 2281 – either of us would be delighted to answer any queries.

This privacy policy also tells you about some of the key rights which you have under data protection laws. From 25 May 2018 onwards, you and your personal data will be protected by the EU General Data Protection Regulation (which is otherwise known as GDPR) and a new UK Data Protection Act 2018. In this privacy policy, we refer to this legislation as data protection laws.

We will only process your personal data as set out in our privacy policy or notified to or agreed by you or as we are otherwise permitted to do in accordance with data protection laws.

What is our role in relation to your personal data?

For the purposes of data protection laws, Kirker Travel Limited t/a Kirker Holidays is a data controller in respect of the personal data you provide us with.

What is my personal data and what do you mean by process?

When we refer to personal data, we mean any information which relates to an identified or identifiable individual.

Where we refer to process or processing, we mean anything which we may do with your personal data including collecting, storing, using, disclosing to third parties and erasing it.

What personal data do we collect?

We collect personal data when you make a holiday enquiry, ask for a quotation or request a brochure by telephone, email or through one of our website enquiry forms. This normally consists of your name, telephone number(s), postal address and email address. We also collect information when you register for email newsletters and special offers or enter a competition.

If you make an enquiry through a travel agent, although we would not normally have any postal address or other contact details, we do collect and store certain relevant information in addition to the names of the person(s) travelling such as hotel preferences or other accommodation requirements. In addition, if you visit our website we may collect your IP address and use cookies unless you configure your web browser not to accept them, and we may collect information relating to your usage of the website.

If you make a booking with Kirker, we also need to collect additional personal data, which will usually include some or all of the following information:

• Full names of all persons travelling
• Postal address of the person making the booking (unless you book through a travel agent
• Dates of birth of all persons travelling
• Passport information of all persons travelling
• Credit/debit card or other payment details (unless booking through a travel agent)
• Special requests or additional requirements (such as details of any relevant medical condition or other health related issue which may affect your holiday experience or which you otherwise choose to give us, and any dietary requirements).
• Emergency contact information, usually the name of your emergency contact and their mobile telephone number
• For our escorted Cultural Tours & Music Holiday groups, we also require
  • Travel insurance details (insurance company, policy number and the emergency assistance telephone number)
  • In case of emergency, we need contact details for the participant’s next of kin (name, relationship with participant, a telephone contact number and sometimes email address)

We may also ask some further voluntary questions during your enquiry to help us create a holiday experience tailored to your personal requirements. For example, the destinations or themes and activities of holidays you are most interested in, details of a special occasion such as your wedding anniversary, or your preferences regarding hotel room types or configuration. We may store this information to help provide a better service in future.

If you are the lead passenger entering into a booking contract with Kirker, you are responsible for ensuring that other members of the party are aware of the content of this Privacy Policy and consent to you acting on their behalf in all your dealings with us.

Questionnaire Feedback

We welcome all feedback on our holidays, and if you kindly do complete and return the Kirker holiday questionnaires to us, we will process and store your responses in order to monitor supplier performance (such as hotels) and help us to improve our holidays in the future and to address any complaints or queries. We may also from time to time use a quote from your feedback in the form of an anonymous testimonial on our website or in one of our brochures, but it will not be published with any personal information and we will of course refrain from publishing your comments or remove them immediately if your ask us to do so.

Why do we collect personal data?

For a booking or booking enquiry, we will process your personal data (other than any data which comes within special categories of personal data - see below) on the basis that this is necessary for the performance of your contract with us or to enable us to take steps at your request prior to your entering into a contract with us. We may also need to do so to comply with a legal obligation to which we are subject or in order to protect your vital interests (for example, in an emergency situation).

If you wish to receive brochures or other promotional material from us, we will need your name and the contact details applicable to the form of communication you have consented to. For example, if you wish to receive information by e-mail, we will need your e-mail address.

We do not use any personal information for marketing purposes other than the names and applicable contact details of the person who has consented to receive such material.

If you visit our website, your IP address and ‘cookies’ are collected in order to personalise your use of the site, assist your use of the site and improve the website generally. To learn more about cookies, and how you can choose to disable them on your internet browser, visit www.aboutcookies.org

Hotjar

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site

What are special categories of personal data?

Personal data which concerns your health or which reveals your racial or ethnic origin or religious beliefs or your sexual orientation are special categories of personal data. Other information also comes within special categories but this is unlikely to be relevant to the booking and provision of travel arrangements.

Generally speaking, the processing of special categories of personal data requires the explicit consent of the person concerned.

Accordingly, information concerning any disability, medical condition, restricted mobility or other health related issue (and related requirements) as well as dietary restrictions which disclose your religious beliefs or any health issue are special categories of personal data. We will ask for your consent to our processing this information at the time you make your booking or your booking enquiry or whenever you otherwise provide or indicate that you intend to provide such information. This consent may be provided to us by the lead passenger on behalf of the person concerned where the lead passenger is authorised to do so. Alternatively, the person concerned may provide consent to us directly.  

Marketing communications

Generally speaking, clients who have booked with Kirker in the past or those who have requested brochures or other information previously, like to be kept in touch with future holiday possibilities or events – but if you would prefer not to receive brochures, or emails, please let us know and we would be pleased to amend our records to stop sending communications according to your wishes.  

You can choose to stop receiving further marketing communications – by email, post or both – at any time: please call 020 7593 2281 or email This email address is being protected from spambots. You need JavaScript enabled to view it. or use the unsubscribe link which appears on all marketing e-mails.

We will only retain and use your personal data for marketing purposes where you have specifically consented to our doing so or, in relation to e-mail marketing, where we comply with the Privacy and Electronic Communications Regulations 2003 (PECR). PECR permits us to send you e-mail marketing where you have previously provided us with your e-mail address in the course of entering into a contract with us for holiday arrangements or negotiations for such arrangements and we wish to e-mail you marketing material about our similar services or products. You will of course be given the opportunity to opt out of receiving such e-mail marketing communications when you first provide us with your e-mail address and whenever we send you any e-mail marketing.

You may provide your consent to receiving marketing material from us either on-line or by telephone. You may also choose in what ways you are happy to receive communications from us. You may, for example, be happy to receive information and offers by post and e-mail but not by telephone.

If you are subscribed to our email communications such as special offers and newsletters, we will track whether you open the message and click on any of the information enclosed. This helps us to improve the content and style of our email messages and send you only the most relevant information in future.

Who may we disclose personal data to?

We never sell personal data or share it with any third party, apart from where necessary in order to fulfil your booking, or if required by law.

Your personal information may be shared with:

• Kirker’s appointed representatives and service providers, including hotels or accommodation providers, ground handlers and destination management companies, visa processing companies, airlines and other transportation providers. Please note that because of the nature of our business these companies may be located outside the UK/EEA.
• Our mailing company (TMB), which organises brochure and marketing distribution by post. They receive names and addresses from Kirker and process these on our behalf in order. For further information visit www.tmbmailing.com. TMB has ISO 27001 data security accreditation that gives Kirker (and Kirker clients) the confidence to trust them with any data that they need in order to fulfil their mailing and despatch tasks.
• UK and overseas government agencies, who may request your passport information or contact details for visas, immigration, security and anti-terrorism purposes.
• Credit and debit card details are securely processed by our payment provider SagePay, who provide software for card transactions.
• In the unlikely event of our insolvency we, or any appointed insolvency practitioner, may disclose your personal information to the CAA, and/or ABTA so that they can assess the status of your booking and advise you on the appropriate course of action under any scheme of financial protection. The CAA’s General Privacy Notice is at https://www.caa.co.uk/Our-work/About-us/General-privacy-notice/ ABTA’s Privacy Notice is at https://www.abta.com/privacy-notice.

We only provide third parties or associated parent or sister companies with the personal data they require in order to deliver their services or to fulfil an insurance or company regulatory need of some sort that enables us to carry out our usual business practices including requests from eg HMRC, law enforcement agencies, investors or potential investors or their professional advisers and associates.   Other than in relation to government / public authorities (over whom we have no control), we will take appropriate steps which are intended to ensure that anyone to whom we pass your personal data for any reason agrees to keep it secure, only uses it for the purposes of providing their services, advice or some legitimate legal or regulatory purpose and does not collect any personal data from you in the course performing their services or duties.

Where will we process your personal data?

Your personal data may be processed within the UK and/or any other country(ies) of the European Economic Area (EEA). EEA countries are all member states of the European Union together with Norway, Iceland and Liechtenstein.

We may also process personal data outside the EEA. Data protection laws may not be as strong outside the EEA as they are in the EEA. Personal data will not be transferred to a country outside the EEA unless (1) the country to which it is transferred is one which the European Commission considers to provide an adequate level of data protection or (2) the personal data is transferred to a company which is required by our contract with them only to deal with the data in accordance with our instructions and to maintain appropriate security to protect the personal data which we are satisfied they have or (3) we are obliged to provide the personal data to a government / public authority in order to provide your holiday.

Protection of your personal data

Our Data Protection Officer is Patrick Millar (Contact telephone: 020 7593 2281, email: This email address is being protected from spambots. You need JavaScript enabled to view it.)

We take appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, which is appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures.

Keeping personal data secure is of great importance to us and there are a number of measures we have in place to maintain its security.

• The Kirker website uses an SSL Digital Certificate to establish a secure connection between your browser and the site, which is indicated by a padlock icon in the browser address bar. To learn more about SSL Digital Certificates, visit www.wikipedia.org/wiki/HTTPS

However, please be aware that no data transmission over the Internet can be 100% guaranteed to be totally secure. As a result, whilst we strive to protect your personal information, we cannot ensure or warrant the security of any information which you send to us, and you do so at your own risk.

• Information you provide to us is stored securely in our reservations system, and on paper files, which are located in the Kirker office. From time to time, our IT service providers, usually EECSoftware (and their associates), may need to view data for maintenance or development purposes. If you have provided us with your email address it may also be stored on our email service provider’s server, Red Circle Digital (www.redcircledigital.co.uk)
• We have appropriate security measures in place to protect against loss, misuse or alteration of information that we have collected. We use network access control technology to limit access to the systems on which personal information is stored, and we monitor for possible vulnerabilities and attacks. A firewall (security software) is in place to protect our internal information from the Internet.
• We also ensure that our approved service providers have the comparable necessary security accreditations.

Accessing and updating your personal information

You are entitled to ask us what personal data of yours is being held or processed, for what purpose and to whom it may be or has been disclosed. No fee will be charged for responding to this request unless it is obviously unfounded or excessive or we have previously provided the same information. We promise to respond to your request without delay and in any event within 1 month unless the request is complex or you have made numerous requests in which case we may be able to extend our response time by a further 2 months.

You may make your request by email, by telephone, or by post.

• By telephone: 020 7593 2281
• By email: This email address is being protected from spambots. You need JavaScript enabled to view it.
• By post: Kirker Holidays, 4 Waterloo Court, 10 Theed St, London, SE1 8ST

We want to make sure that we have the most accurate, relevant and up-to-date information at all times, and will endeavour to contact you if we think that our information is not correct. Please contact us if you believe that we have inaccurate information, or if your personal information has changed. We will rectify any inaccuracy or update your personal information within 1 month of your request (and usually much sooner) or within 3 months if the rectification request is complex.

How long can we retain and process your personal data?

We will not process your personal data in a form which enables you to be personally identified for any longer than is necessary in order to fulfil the purpose for which it was originally collected or for any other legitimate business purpose.

Where your personal data has been provided for the purpose of the holiday arrangements or other services you have contracted, we are entitled to retain this data for a period of at 6 years after those arrangements have been completed. In certain limited circumstances, we may be able to retain it for a longer period.

 If you have consented to receiving marketing communications from us, we may continue to use your personal data for this purpose until you withdraw your consent or otherwise for as long as we reasonably consider your consent remains valid and effective.

Can you ask us to delete your personal data?

Yes, you can ask us to erase your personal data in certain circumstances, for example where you have withdrawn your consent to further marketing material where the data in question has only been processed for this purpose. However, this is not always the case. Please see the previous paragraph for further information on the period of time we may retain personal data.

Other websites

Our website contains links to a small number of other websites run by different organisations that we have no control over. This Privacy Policy applies only to our website and the processing of personal data by Kirker Travel Limited. It is important to check the privacy policy of other organisations if you choose to visit their websites. 

Changes to this policy

We keep our Privacy Policy under constant review. The latest version will appear on this page of our website. This Policy was last updated on 23 May 2018. From time to time we may need to make changes. These may be required as a result of changes in data protection laws or in the guidance issued by regulators such as the Information Commissioner’s Office (which is usually referred to as the ICO) or where we make changes to our procedures.

What should I do if I have a complaint about the processing of my personal data?

If you have any complaint about the way in which your personal data has been dealt with, please let us know by e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.. We will investigate and respond to you as soon as we reasonably can. If you remain dissatisfied, you may complain to the Information Commissioner’s Office. For further details, see www.ico.org.uk

Contact us

If you have any questions, queries or complaints relating to this Privacy Policy or how we use the personal data we have about you, you can contact us:

• By telephone: 020 7593 2288
• By email: This email address is being protected from spambots. You need JavaScript enabled to view it.
• By post: Kirker Holidays, 4 Waterloo Court, 10 Theed St, London, SE1 8ST

Kirker Travel Limited. Registered in England No 1985696

Registered office: Kirker Holidays, 4 Waterloo Court, 10 Theed St, London, SE1 8ST