Data Protection Policy

1. Preview

Chestnut Travel respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights in relation to existing laws regulating the personal data protection.

Where individuals are engaged by an organisation, which is a client of Chestnut Travel, and you provide us with the personal data on behalf of your employer or travel sponsor, Chestnut Travel will process your data as required. Where travel services are purchased for you pursuant to an arrangement between your employer /travel sponsor, Chestnut Travel as an agent, the relevant service provider will be responsible for the security of the personal data it receives and for compliance with relevant laws & regulations.

By providing personal information to us, you agree that this Notice will apply to how we handle your personal information and you consent to us collecting, using and disclosing your personal information as detailed in this Notice. If you do not agree with any part of this Notice, you must not provide your personal information to us. If you do not provide us with your personal information, or if you withdraw a consent that you have given under this Notice, this may affect our ability to provide services to you or negatively impact the services we can provide to you. For example, most travel bookings must be made under the traveller’s full name and must include contact details and appropriate identification (e.g. passport details). We cannot make bookings for you without that information.

2. Purpose

This privacy notice aims to clearly provide you with information on how Chestnut Travel collects and processes your personal data, including any data you may provide through your employer or travel sponsor. Through this notice we also wish to inform you on how, when & why we process your personal data.

3. Data We Collect

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed and made anonymous. We may collect, use, store and transfer different kinds of personal data about you which we have listed below;

3.1. Identity Data
Identity Data includes full name, username or similar identifier, marital status, title, date of birth and gender.

3.2. Contact Data
Contact Data includes billing address, delivery address, email address and telephone numbers.

3.3. Travel Data
Travel Data includes passport number, identity documents used for domestic travel and/or seaman’s book where applicable.

3.4. Financial Data
Financial Data includes payment card details, bank account or any data that is required to process financial transactions.

3.5. Transactional Data
Transactional Data includes details of products and services you have purchased from us including details about payments to and from you and other.

3.6. Profile Data
Profile Data includes your username and password, purchases or travel bookings made by you, preferences related to service provisions including on Airline, Hotels etc., feedback and survey responses.

3.7. Marketing & Communications Data
Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences. This will include your contact data.

3.8. Statistical Data
We also collate and share aggregated data such as statistical data for reporting purposes. Such data is derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your travel data for Management Information Reports. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

3.9. Special Category Data
We do collect special categories of Personal Data about you which includes details about your health and religion for purposes for defining services such as meal preference

4. How is your Personal Data Collected

We will only collect personal information in compliance with your local data protection laws. We collect your personal information from the information you submit during the course of your relationship with us. We will collect this information directly from you. We may also collect your personal information when you complete surveys or provide us with feedback, unless you choose to do so under a pseudonym or anonymously.

4.1. Direct Interactions
Direct interactions. Your employer or your travel Sponsor or you may give us your Identity, Contact and Financial Data by filling in forms electronically or by corresponding with us by post, phone, and email or otherwise.

4.2. Data Provided Via Client Contract Relationships
Personal Data provided by your company or travel sponsor for the purposes of provision of services. In all our contractual client dealings, it is explicitly stated that it is the responsibility of the client to seek authorisation for Chestnut Travel to use the personal data to fulfil its obligations in respect of the scope of works. Chestnut Travel will assume this permission has been sought and given if an authorised travel request is received.

4.3. Publicly Available Sources
Identity and Contact Data from publicly availably sources.

5. How We Use Your Personal Data

We only use your personal data where;

the processing is necessary to provide our services to you,
the processing is necessary for compliance with our legal obligations; and/or
the processing is necessary for our legitimate interests or those of any third party recipients that receive your personal information

5.1. Details
Where you, your company or your travel sponsor contact us in relation to a travel booking or query, the purpose for which we collect your personal information is generally to provide you with travel advice and/or to assist you with booking travel and/or travel related products and services. When you, your company or your travel sponsor book or otherwise arrange travel related products and services through us, we usually act as an agent for the relevant travel service providers (e.g. for an Airline, hotel etc.). In this case, we process your personal information as necessary so as to provide the services you requested from us. This usually includes collecting personal information about you both for our internal purposes as described in this Notice and for the travel service provider for whom we act as agent (e.g. to provide you with the booked services).

We may therefore share your information with our travel service providers such as hotel, airline, car rental, or other providers, who fulfill your travel bookings. Please note that these travel service providers also may use your personal information as described in their respective privacy policy and may contact you as necessary to obtain additional information about you, facilitate your travel reservation, or provide you with your requested services. We encourage you to review the privacy policies of any third-party travel service providers whose products you purchase through us. Most of the service providers have their Privacy Notices within the public domain i.e. Website, and where such Privacy Notice is not available, we will provide you with copies of all relevant travel service provider terms, conditions and privacy policies on request.

We act as agent for or on behalf of many thousands of travel service providers around the world, so it is not possible for us to set out in this Notice all of the travel service providers for whom we act or their locations.

6. Purpose For Which we will use your personal data

We have set out below, a description of all the ways we plan to use your personal data (whether on our own behalf or acting on behalf of your employer or travel sponsor), and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

6.1. Register Traveller
Name, email address, phone numbers, employer, and physical addresses, passport number, additional document information e.g. Driver License, Seaman Book etc., gender and date of birth. If we book travel for your travel companions, we may collect similar information about them. You may choose to provide additional information when setting up your traveller profile which may include request traveller credentials, and emergency contact information.

Legal Basis & Legitimate Interest: Performance of a contract with you, your employer or travel sponsor.

6.2. Book Travel Services
In addition to above, as well as the information required to build your profile we collect travel (such as arrival and departure location, airline, hotel and car rental) and other information that may be required to book your travel. Special categories of information to provide accessibility, meal preferences or other requested services.

Legal Basis & Legitimate Interest: Performance of a contract with you, your employer or travel sponsor.

6.3. Process & Deliver Services
To process and deliver your travel services;

Manage payments, fees and charges
Collect and recover money owed to us

In addition to above, we also collect payment card information and details necessary to process these payments.

Legal Basis & Legitimate Interest: Performance of a contract with you, your employer or travel sponsor and for legitimate interest of recovering dues owed for services rendered.

6.4. Relationship Management
Relationship management involves notifying you of changes to our terms or changes to the privacy policy or notifying you of incidents and advisory e-newsletters. Information related to Identity, Contact, Profile and Marketing & Communication data is required.

Legal Basis & Legitimate Interest: Performance of a contract with you, your employer or travel sponsor, compliance to legal & statutory obligation and our legitimate interests keep our records updated and to study/analyse on how customers use our products/services.

6.5. Participation in Survey & Competition
Data related to Identity, Contact, Profile and Marketing and Communications is required for purposes of conducting surveys or competitions.

Legal Basis & Legitimate Interest: Performance of a contract with you, your employer or travel sponsor, compliance to legal & legitimate interest to build customer relationship and grow the business.

6.6. Business Development
Data related to Identity & Contact in order to explore and seek new business opportunities.

Legal Basis & Legitimate Interest: For the legitimate purposes to grow our business and engage in marketing activities.

6.7. Statistical Data Analytics
Data related to Identity, Contact, Travel Data, Financial Data, and Transactional Data to form the aggregated data for analytical purposes.

Legal Basis & Legitimate Interest: Performance of a contract with you, your employer or travel sponsor and for the legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) grow our business and engage in marketing activities.

7. Disclosure of Personal Data

Chestnut Travel may share your personal data with third parties for the purposes set out above. This includes service providers like airlines, hotels and end fulfillers of services.

It is explicit in our understanding, in law, note that if travel or associated services are purchased for you pursuant to an arrangement between your employer or travel sponsor and Chestnut Travel then, due to Chestnut Travel’s status as an agent, the relevant service provider will be responsible for the security of the personal data it receives and for compliance with applicable law; Chestnut Travel is not responsible for the acts or omissions of such service providers.

8. Overseas Transfer of Data

We share your personal data within the Chestnut Travel Group of Companies, its local TMC Partners and to Services Providers where such international transfers are necessary for the performance of a contract between you, your company or travel sponsor. This will involve transferring your data outside the national boundaries including such as European Economic Area (EEA).

Many of the Service Providers are based outside the defined national boundaries including EEA so their processing of your personal data will involve a transfer of data. Whenever we transfer your personal data overseas, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data
Where we use certain service providers, we may use specific contracts give personal data the same protection as we adhere to

It is possible that information will be transferred to an overseas recipient (other than any of our overseas related entities) located in a jurisdiction where you will not be able to seek redress under your local data protection laws and that does not have an equivalent level of data protection as in your jurisdiction. To the extent permitted by your local data protection laws, we will not be liable for how these overseas recipients handle, store and process your personal information.

9. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

9.1. Site Access Control
Prevent unauthorized persons from gaining access to data processing sites that process and use data.

9.2. System Access Control
Prevent data processing systems from being used without authorization.

9.3. Data Access Control
Ensure that persons authorized to use a data processing system have access only to the data they are authorized to access, and that data cannot be read, copied, modified, or removed without authorization during processing, use and storage.

9.4. Disclosure Control
Ascertain and check where and to whom data can be transferred by means of data transmission facilities.

9.5. Input Control
Perform checks & maintain audit logs to establish whether and by whom data has been entered, modified, or removed in data processing system.

9.6. Order Control
Ensure that personal data processed on behalf of a customer is processed in strict accordance with the customer’s instructions.

9.7. Availability Control
Ensure that data is protected against accidental destruction or loss.

9.8. Notification Control
Ensure that the customer is notified promptly in the event of a material breach of any of the controls above. Any breach of confidential data is notified to customer within 72 hours of ascertaining such breach.

10. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for a period ranging from six – seven years, depending on the regulation in each country, after they cease being customers for tax purposes. In some circumstances you can ask us to anonymise your personal data after a specific period of non-use of services.

11. Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Please note that, if you request that we restrict or stop using personal information we hold on you, or withdraw a consent you have previously given to the processing of such information, this may affect our ability to provide services to you or negatively impact the services we can provide to you. For example, most travel bookings must be made under the traveller’s full name and must include contact details and appropriate identification (e.g. passport details). We cannot make bookings for you without that information.

12. Contact

If you have any questions about how we process your personal information, please contact us through email at info.chestnuttravel@gmail.com

Data Protection Policy

Ha Giang Loop 4 days 3 nights Motorbike Tour

La Casta Cruise’s Luxurious 22-Cabin Vessel: Explore the Majestic Ha Long Bay on a 3-Day Adventure!

Discover the Majestic Ha Long Bay on a 2-Day Adventure with La Casta Cruise’s Luxurious 22-Cabin Vessel!

Contact Info

Destinations

Activities

Trip Types