Privacy notice
Purpose of this document
This notice is intended to provide information about how the Company will use (or process) personal data about individuals including: its staff; clients; partners and suppliers.
The information is provided because data protection law gives individuals rights to understand how their data is used. You are encouraged to read this notice and understand the Company’s obligations to its entire community.
The privacy notice applies alongside any other information the Company provide about use of personal data, for example, when collecting data online or in paper form.
Anyone who works for, or acts on behalf of, the Company should also be aware of and comply with this privacy notice, which also provides further information about how personal data about those individuals is used.
Who we are
Focus Travel Partnership Ltd (Also known as Focus Travel Holdings Ltd) provides consultancy services to its Partners/Members. We are committed to protecting the privacy and security of your personal information. This notice sets out the basis on which we will collect, hold and process any data that you share with us, or that we collect from you.
For the purposes of the General Data Protection Regulations (GDPR), Focus Travel Partnership Ltd are a “Data Processor”. This means that we are responsible for deciding how we hold and use personal information.
Our GDPR Team will deal with requests and enquiries regarding the use of personal data and endeavour to ensure that all personal data is processed in compliance with this policy and data protection law.
Data protection principles
The Company understands and agrees to abide by the data protection principles:
Principle 1: Lawfulness, Fairness and Transparency
Personal Data will only be collected for one of the purposed specified in the applicable Data Protection regulation and the method of processing that will occur will be thoroughly explained to the Data Subject.
Principle 2: Purpose Limitation
Personal Data shall be collected for specified, explicit and legitimate purposes and not further Processed in a manner that is incompatible with those purposes.
Principle 3: Data Minimisation
Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are Process
Principle 4: Storage Limitation
In line with Principle 3, Personal Data shall be kept in a form which permits identification of a Subject for no longer than necessary for the purposes outlined to the Subject.
Principle 5: Accuracy
Personal Data which needs to be stored for a defined period of time must be kept accurate and up to date, thus adhering to specified processes for identifying and addressing out of date and redundant Personal Data. The Company will adopt all necessary measures to ensure that Personal Data collected and processed is complete and accurate and reflects the current situation of the Data Subject.
Principle 6: Integrity & Confidentiality
Personal Data shall be processed and stored in a manner that ensures appropriate security of said Data, including protection against unauthorised processing and accidental loss, destruction or damage.
Principle 7: Accountability
The Data Nominee shall be responsible for and be able to demonstrate compliance in accordance to the six previous Data Protection Principles.
Your Rights
The GDPR provides the certain rights for individuals, as outlined in our ‘Your Rights under GDPR’ document.
Why the Company needs to process personal data
As part of our privacy policy, the data we hold on file for you and your business will only be used for the purposes of ensuring we have up-to-date information about your company, relevant for membership services. Information is shared with our approved preferred suppliers and partners to enable them to service your business needs. We do not share your information with any other companies, nor do we sell your data to any companies.
The Company uses Personal Data for the purposes of; general running and business administration, sharing supplier / industry information, to meet legal requirements / compliance, providing services to our Partners and ongoing administration and management of supplier services.
The Company, and its partners will process Personal Data in accordance with all applicable laws and contractual obligations and Data will only be processed once Informed Consent is given.
We have reviewed our processes to ensure that it is necessary, selected the most appropriate lawful basis for each activity and documented this to demonstrate compliance.
The lawful basis applicable to Focus Partners is ‘the data subject has given consent to the processing of their personal data to provide a service, as you work for an organisation that is taking advantage of one of the services/products we offer’.
Consent
We will only obtain Personal Data by lawful and fair means and with the knowledge and consent of the individual concerned. Where a need exists to request and receive the consent of an individual prior to collection or use of their Personal Data, the Company is committed to seeking such consent.
The term Informed Consent suggests that when applicable or reasonably appropriate to do so, the individual will provide Data Subjects with information as to the purpose of the processing of their Personal Data. Consent should be given in writing and retained.
Data Retention
To ensure fair processing, Personal Data will not be retained by the Company for longer than necessary in relation to the purposes for which it was originally collected. All Personal Data should be deleted or destroyed as soon as possible where it has been confirmed that there is no longer a reason to retain it. Our retention schedule is outlined on our Data Audit.
Data we collect and process
We collect data from the following individuals:
• Via visits to our website
• Detailed obtained during telephone calls, video communications platforms or face-to-face meetings
• Partners and Suppliers
We may collect and process the following data:
• Information provided by filling in forms / contracts
• Information completed when entered onto our website or agent facing products
• Information provided to a Focus Supplier who informs us of
• Details of your access to our online resources or other materials
• Information collected when you contact us; we may keep a copy of any correspondence you send to us, including, but not limited to, your name, company and email address
We may also collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to either the Focus Travel Partnership Ltd or our suppliers / partners.
This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
We may hold both personal and sensitive data, as disclosed to us during the course of business.
All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance this information is located on servers within the European Union. No 3rd parties have access to your personal data unless the law allows them to do so.
We do not use any kind of automated decision making in the running of our business.
How we keep your data secure
We use a number of methods to store data, which we have identified through our Data Audit.
The data that we collect from you will not be transferred to, or stored at, a destination outside the European Economic Area (“EEA”).
What we do with data we gather
We gather and process data lawfully, in a transparent manner, and for the genuine needs of running our business.
Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
We do not, and have no intention of sharing your information with any organisations for marketing purposes
Personal Data Breaches
How we recognise and deal with breaches of personal data is detailed in our Data Breaches Policy and Procedure.
Questions or complaints
Complaints or questions should be referred to our GDPR Team.