1.1 We regard security of your personal data and protection of your privacy to be of the utmost importance. As the operator of this website, Cook’s Club, we would like to inform you on this page which personal data we collect, what your data is used for, and what it means for you when you use our personalised services.
1.2 Our website may contain links to websites of other providers which are not covered by the data protection declaration. We have no influence over whether their operators abide by the data protection regulations.
1.3 Casa Collective LTD is the data controller and understands and respects the importance of protecting your personal data. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, in respect of your relationship with us as a customer or a potential customer. This information may be collected via our website, our contact centres, our questionnaires/surveys, or our social media channels (collectively, our “Services”).
1.4 Please read the following information carefully. You are responsible for ensuring that the other people that you are acting on behalf of (such as those included with you on a booking), are aware of the content of this Privacy Policy and you have checked with them that they agree to their personal data being given to us to make a booking or other purchase on their behalf.
1.5 By making a booking or other purchase or otherwise giving your personal data to us, we will transfer, store, or process it as set out below. We will take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy and will take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration, and disclosure.
1.6 The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential.
1.7 CASA COLLECTIVE LTD is the registered owner of the website Cooksclub.com.
2.1 We collect certain personal data about you and about any other person you include on your booking. The sort of personal data we collect is information that you provide to us, that we collect from you or observe about you, or that we obtain from other sources. We will only collect and use your personal data if at least one of the following conditions applies:
2.1.1 we have your consent;
2.1.2 it is necessary for a contract with you or to take steps at your request prior to entering into a contract;
2.1.3 it is necessary for us to comply with a legal obligation;
2.1.4 it is necessary to protect your vital interests or those of another individual;
2.1.5 it is in the public interest, or we have official authority to do so; or
2.1.6 it is in our or a third-party’s legitimate interests and these are not overridden by your interests or rights.
3.1 When you make a booking or other purchase or enquiry, including by email, post and phone or through social media we may ask you for your personal details including your name, address, e-mail address and telephone number. We need to collect this information in order to arrange the services you are requesting. We may collect details of and other digital communications we send to you that you open, including any links in them that you click on.
3.2 When you request to make a booking, depending on the arrangements you ask us to make for you, we will ask if you have any special requirements and in doing so you may give us special categories of personal data. When you give us this information, we will use it to try and ensure your particular needs in relation to a booking are met. If you do not want to provide this information to us, or after you have provided us with this information you ask us or our data compliance department to stop processing this information, it may mean we will not be able to provide all or parts of the Services you have requested. If we have to cancel your booking/purchase as a result, you may incur a cancellation charge.
3.3 If you enter a competition or promotion, complete a survey, or if you report a problem with any of our Services, we will collect your name and relevant contact information and any other personal data you choose to give us.
3.4 We may ask to see and retain a copy of passport details and other identification documents if, for example, you are checking in at the hotel.
3.5 If you contact us online, we may keep a record of your e-mail or other correspondence, and if you call us by telephone, we may monitor and/or record phone conversations for training and customer service reasons.
3.6 If, when using our Services, you make a holiday/travel search on our website or with one of our travel consultants and you enter or provide any of your personal data (including telephone number or e-mail address), but do not make a booking or other purchase, we will keep and use the data you have provided for a limited time and purpose, as mentioned below.
3.7 To help us keep your information current, accurate and complete, please ensure you tell us if anything needs to be changed.
4.1 Based on how you have used our Services in the past and your activity on our website, social media channels, or with our contact centre, we collect the following personal data about you:
4.1.1 details of the services we have provided to you in the past, including your previous travel arrangements, such as holidays and other purchases, and matters related to those arrangements, such as details of your previous requirements or complaints;
4.1.2 details of your visits to our website (including, but not limited to, traffic data, location data and weblogs) whether this is required for our own purposes or otherwise, and of the resources that you access. We use third-party technology services, such as Google Analytics to administer these services;
4.1.3 details of website(s) you visited before you use a link to our website, pages visited in our website, and time spent on each page;
4.1.4 information about your social preferences, interests, and activities;
4.1.5 information or images provided to use via social channels;
4.1.6 information regarding referral source, payment source, information to the credit bureau, amount for products and services on a transaction and other related information;
4.1.7 additional personal data that we may require you to provide us with as you use our Services;
4.1.8 information about your computer (or mobile device/tablet) including, where available, your IP address, operating system, device location, browser type, cookie identification numbers, for system administration purposes, and our own marketing purposes. This is statistical data about our users' browsing actions and patterns, and any reports we share do not identify any individuals; and
4.1.9 images of you taken on our CCTV systems at our premises.
5. PERSONAL DATA OF CHILDREN
The website and Services are not directed to children under the age of majority. We do not knowingly collect information, including personal data, from children or other individuals who are not legally able to use our website and Services without a lawful basis for processing (which may include consent by the minor’s guardian or for the purposes of fulfilment of a contract). If we obtain actual knowledge that we have collected personal data from a child under the age of majority, and there is no lawful basis for having such personal data, we will promptly delete it unless we are legally obligated to retain such data. Please contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of majority.
6.1We might also receive your personal data from third-party sources who collect information about you on our behalf. This includes:
6.1.1 if you tell a third-party that you would like to receive marketing communications from CASA COLLECTIVE LTD, they will securely transfer your contact details and marketing preferences to us;
6.1.2 if you book one of our holidays through a third-party travel agent, certain personal data (as applicable to your booking, such as your name, date of birth or any special requirements you have) will be passed to us to provide the Services you have requested/booked;
6.1.3 if you complete an online review, the information you provide will be processed on our behalf and provided to us by a third-party such as Trust You GmbH; and
6.1.4 if you provide feedback on us via our Instagram or Facebook pages the feedback, but not your personal data, will be processed by Vision Alphabet GmbH (“Alphabet”) and passed to us. Alphabet is a digital marketing company used by us to administer the reviews and other activity on our social media channels.
7.1 We use personal data about other individuals provided by you in the course of providing you with the Services.
7.2 By providing other people’s personal data, you must be sure that they agree to this and you are allowed or authorised to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.
8.1Your personal data is held on a combination of our own systems and systems of the suppliers we use to provide our Services.
8.2When you give your personal data to us, some of the personal data you provide will need to be given to and processed and stored by relevant third parties. These third parties include:
8.2.1 our technology and data management partners who help us to administer the Services we provide (such as Busy Rooms Group who provide central reservation services);
8.2.2 our contact centre (including ‘live chat forum’) partners who provide services to support customer enquiries;
8.2.3 an organisation we sell or transfer (or enter into negotiations to sell or transfer), any of our businesses or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the organisation receiving your personal data can use your data in the same way as us; and
8.2.4 our travel partners, such as hoteliers and insurance companies, so that they can provide you with the arrangements and assistance you require.
8.3 We may need to share personal data to establish, exercise or defend our legal rights, this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk. We may do checks to confirm your identity. That is to help protect you from identity theft and other types of fraud, and to prevent and detect crime or money laundering. Once in a while we might run more checks to keep your information and your account up to date. If false or inaccurate information is provided and identified as fraud, the details will be passed to fraud protection agencies. This information may also be shared with law enforcement agencies.
8.4 Some of these third parties may be based outside the UK, EU or European Economic Area (“EEA”). Organisations that are based outside of the UK, EU or EEA may not be subject to the same level of controls in regard to data protection as exist within the UK, EU or the EEA. We aim only to transfer your data to third parties outside of UK, EU or the EEA where either:
8.4.1 your personal data will be subject to one or more appropriate safeguards set out in the law. If you would like more information about our safeguards, please contact us. These safeguards might be the use of standard contractual clauses in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like binding corporate rules); or
8.4.2 the transfer is necessary to enable your contract to be performed.
8.5 The way your personal data is transferred from the UK to other countries may change to ensure continuing compliance with data protection regulations but it will not change the security of your data. This will depend on the data protection rules in place for the international transfers of data outside of the UK in place from time to time.
8.6 In order for you to travel overseas, we may be required to disclose certain of your personal data to government bodies or other authorities in the UK and in other countries, such as those responsible for immigration, border control, law enforcement, security and anti-terrorism. Even if it is not mandatory for us to provide information to such authorities, we may exercise our discretion to assist them where appropriate in the interests of detecting and preventing criminal activity.
8.7 When we share personal data with other organisations we require them to keep it safe, and they must not use your personal data for their own marketing purposes.
8.8 We only share the minimum personal data that enable our suppliers and retail partners to provide their services to you and us.
8.9 We may share your data with members of our group who are in the UK or outside the UK. Our group means our subsidiaries and our ultimate holding company and its subsidiaries (“Group”).
8.10 We may share the minimum personal data necessary with other public authorities if the law says we must, or we are legally allowed to do so.
8.11 We may disclose your personal data to any member of our Group for business purposes, (those business purposes include holding your data on central/shared systems for administering bookings and supporting customers in destination countries).
9.1 In order to provide our Services to you, we use the information we hold in a number of different ways. We process your information either because it is necessary for us to do so as part of a contract you enter into, or because we have legitimate business reasons for doing so.
9.2 The following activities are carried out by us using your personal data because it is necessary in relation to a contract which you have entered into or because you have asked for something to be done so you can enter into a contract:
9.2.1 administering your booking internally and communicating your booking externally with our suppliers, to ensure the services you have requested are arranged; and
9.2.2 to communicate with you regarding your booking or any other purchase, including sending a booking confirmation and documents.
9.3 We may use and process your personal data as set out below where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so:
9.3.1 to improve customer experience:
(a) to allow you to participate in interactive features of our website, when you choose to do so;
(b) to ensure that content from our website, and booking systems is presented in the most effective manner for you and for your computer; and
(c) to notify you about changes to our service;
9.3.2 to protect our business against financial loss;
9.3.3 for debt collection or credit vetting;
9.3.4 for payment card and booking verification;
9.3.5 to maintain a safe and secure environment and prevent and detect criminal activity;
9.3.6 using CCTV in our premises;
9.3.7 to promote our business, improve our products, Services and day-to-day operations, including:
(a) sending marketing correspondence about products and services similar to those you have previously bought from us. You can opt out and object to our sending you electronic marketing information and this option will be included in every marketing message we send you. See the section ‘When and how do we use your information for marketing?’ for more information;
(b) contacting you if you make an enquiry with us on our website but do not complete a booking to check if there was a problem or you need any assistance to book;
(c) for internal research/analysis to improve the quality of our Services, the products we offer and new products we are developing by:
(i) inviting customers to take part in surveys or customer/business discussion groups; or
(ii) using aggregated customer data to make informed decisions based on analysis of customer booking or other purchase trends and behaviours;
9.3.8 promoting our business, brands and products and measure the reach and effectiveness of our campaigns, including:
(a) to contact you with targeted advertising delivered online using Google DoubleClick and through social media and other platforms operated by other companies. You may receive advertising based on information about you that we have provided to the platform or because, at our request, the platform has identified you as having similar attributes to the individuals whose details it has received from us. To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us; and
(b) to obtain more information about you by sharing your personal data with technology companies or platforms who may also hold information about you and can match their records with ours. We/these companies may use cookies to match the personal data each of us hold about you (see further our Cookies Policy); and
9.3.9 to support any potential company sale or acquisition:
(a) in the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
9.4 We use this information in two ways:
9.4.1 we identify links between your attributes and your behaviours and market to others with the same attributes, in our direct marketing campaigns and through targeted advertising delivered through our website or third-party platforms including social media channels; and
9.4.2 we tailor and personalise our interactions with you to make them more relevant to your interests. These interactions include your journey around our website and the content that appears on it and marketing communications we send or show to you in our direct marketing campaigns and through online targeted advertising described in the paragraph above. Please see ‘How do we personalise our marketing to you?’ for more information.
9.5 We may use and process your personal data where we consider that it is in your vital interests that we assist you or arrange for assistance to be provided to you by third parties including in the event of an incident or emergency.
9.6 We may use and process your personal data as set out below where we have your consent to do so:
9.6.1 to assist you or arrange for assistance to be provided to you by third parties where you have special requirements in relation to special categories of personal data (please refer to the section: ‘Personal data we collect and/or observe about you’); and
9.6.2 to send marketing correspondence about our products and services where we have asked for your permission to do so. See the section ‘When and how do we use your information for marketing?’ for more information.
9.7 We and third parties acting on our instructions, such as external law firms and their employees, may use and process your personal data as set out below where there is a legal requirement for us to do so, including:
9.7.1 for resolving complaints, dealing with disputes and legal proceedings. This might include contacting you proactively if we need to resolve any issues you may be experiencing or have experienced with a booking or other purchase;
9.7.2 to respond to requests from any government body, law enforcement agency, court or regulatory authority, that requires us to disclose personal data in line with applicable data protection laws; or
9.7.3 for anti-money laundering and terrorist financing purposes.
9.8 Processing subject to national laws: We may also use and process your personal data (including special category data such as information on your health specifically for insurance purposes) where we have a specific legal basis to do so under applicable data protection law.
10.1 In the event that the Services include a banking transaction, additional data regulations apply. These can be found in Schedule 1 of this Privacy Policy.
11.1 If you have made an enquiry or purchase on our website, or contact centre, your personal data may be used by us in the ways the law allows, to contact you by post, electronic means (e.g. e-mail or text message) and/or by phone with information and offers relating to products or services that you can book/purchase from CASA COLLECTIVE LTD . We will only do this if you did not opt out of such marketing at the point where we collected your contact details.
11.2 If you have not made an enquiry or purchase, we will only send you information and offers by e-mail or text message if you sign up (opt in) to receive such marketing, either directly through us or by telling a third-party that you would like to receive marketing from us.
11.3 The type of products and services that can be booked/purchased through CASA COLLECTIVE LTD are shown below. You will only receive marketing communications about those which we think are relevant to you:
11.3.1 travel and travel related services from our Group companies;
11.3.2 third-party products services which you can book through us;
11.3.3 holidays and travel arrangements from a CASA COLLECTIVE LTD website;
11.3.4 transfers;
11.3.5 holiday extras (for airport parking and hotels and car hire); and
11.3.6 excursions.
11.4 We will not pass your contact details to a third-party that is not one of our business partners involved in providing CASA COLLECTIVE LTD services or products for them to contact you or send you marketing communications unless you have expressly agreed that we may do so.
12.1 To try and ensure that our marketing communications and advertising are relevant to you, we work with third parties to offer a better experience to customers and potential customers.
12.2 Using new technologies and with the help of our advertising agencies and marketing activation platforms, we may use your personal data in the following ways:
12.2.1 to try to ensure any marketing communications we send to you are offering products or services likely to be of interest to you; and
12.2.2 to tailor and track our digital marketing (for example, our internet banner advertisements) and links from our marketing partners' websites to our website. This digital marketing may include marketing related to CASA COLLECTIVE LTD or marketing related to business partners to whom we provide advertising services.
12.3 Our business partners and advertising networks may serve you with non-personalised adverts on our website via advertising technology Google Double Click for Publishers. Non-personalised adverts are targeted using contextual information regarding the pages visited on our site, rather than the past behaviour of a user. We allow third parties to collect information about your online activities using cookies and other technologies. The third parties may include other CASA COLLECTIVE LTD Group companies, our suppliers/business partners who collect information when you view or interact with an advert on our website and advertising networks. We also collect information about your online activities using cookies and other technologies when you use websites other than our website to provide advertising services on behalf of our business partners. This technology allows us to display an advert to you relating to a business partner on other websites based on your page visits and other behaviours whilst on our website.
12.4 Please see our Cookies Policy for more information.
13.1 We understand you might no longer want to hear from us and that is okay. It is easy to opt-out or unsubscribe.
13.2 You have the right at any time to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by selecting the ‘no marketing’ option on the forms we use to collect your data. You can also exercise this right at any later time by using the unsubscribe link on any marketing e-mail you receive, by following the opt-out instructions on any direct marketing communication sent by post, or by sending an unsubscribe request to [email protected].
13.3 Please note – when you unsubscribe from marketing in respect of holiday and travel services, this opt-out will apply only to the CASA COLLECTIVE LTD marketing communication.
14.1 You have a number of rights in relation to your personal data under data protection law, including:
Your Right to Access Your Personal Information;
Your Right to Rectification;
Your Right of Erasure;
Your Right to Restriction of processing;
Your Right to Object to processing;
Your Right to Data portability;
15.1 Where we rely on your consent as the legal basis for processing your personal data or need to process it in connection with your contract, as set out in the section titled ‘How do we use your information when providing our services to you?’, you may ask us to provide you with a copy of that information in a structured data file.
15.2 You can ask us to send your personal data directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal data if it contains the personal data of other individuals or we have another lawful reason to withhold that information.
16.1 You have the right to lodge a complaint with the data protection regulator where you believe your legal rights have been infringed, or where you have reason to believe your personal data is being or has been used in a way that does not comply with the law. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website.
16.2 If you wish to contact us about this Privacy Policy, you can e-mail or write to the CASA COLLECTIVE LTD Data Protection Officer using the contact details below.
17.1 You have a right to ask for a copy of the personal data we hold about you, although you should be able to access online the personal data associated with your account or booking.
17.2 Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.
17.3 You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the Information Commissioner’s Office. To contact us about this Privacy Policy, to make a Data Subject Access Request, or a data protection related complaint, please submit your complaint or request. Any subject access request can be made in writing to:
CASA COLLECTIVE LTD
Suite 4 7th Floor, 50 Broadway, London, England, SW1H 0DB
21.4 Alternatively you can make a subject access request by e-mail to: [email protected].
21.5 Once you have made your request and provided us with the information, we need to begin a search for the data we hold on you (including proof of identity), we will have 30 days to respond.
18.1 Where you have made a booking or other purchase with us, your personal data will be retained to ensure we provide the best possible customer service to you. We retain your personal data for as long as is necessary for us to use your data as set out in this Privacy Policy. This will generally be for up to 7 years in relation to bookings/purchases, or 2 years since you last engaged with us after receiving a marketing communication, or such other time that may be required for our legal and audit purposes or that is required by law. After this period, we will securely erase your personal data. If your personal data is needed after this period for analytical, historical, or other legitimate business purposes, we will take appropriate measures to anonymise this personal data.
19.1 Our website includes links to other websites which include privacy policies of their own.
19.2 Our website contains links to and frames of websites of our principals, suppliers, advertisers, and other third parties. You can tell when a third-party is involved in supplying a product or service you have requested because their name will appear with ours. If you follow a link or otherwise use any of these other websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or for these third-party websites. Please check these policies before you submit any personal data to these websites.
Our Services may contain social media features such as Facebook and Instagram that have their own privacy notices. Please make sure you read their terms and conditions and privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for these features.
This Privacy Policy replaces all previous versions. We reserve the right to update or alter this Privacy Policy from time to time so please check it regularly on our website for any updates. You can request a copy of a previous version of our Privacy Policy. If the changes are significant, we will obtain your consent or provide a prominent notice on our website if and where this is required by applicable data protection laws.
CASA COLLECTIVE LTD is committed to working with you to obtain a fair resolution of any complaint or concerns about privacy. If, however, you believe that CASA COLLECTIVE LTD has not been able to assist with your complaint or concern, you have the right to make a complaint to the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales.
Information Commissioner’s Office (United Kingdom)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
European Commissioner’s Office
European Commission
Secretary-General
B-1049 Brussels
BELGIUM
or
EU Commission office in your country
SCHEDULE 1
ADDITIONAL PROVISIONS FOR BANKING TRANSACTIONS IN THE EEA
In order to provide the Services, certain of the information we collect (as set out in this Privacy Policy) may be required to be transferred to other related companies or other entities, including those referred to in this section in their capacity as payment providers, payment processors or account holders (or similar capacities). You acknowledge that according to their local legislation, such entities may be subject to laws, regulations, inquiries, investigations, or orders which may require the disclosure of information to the relevant authorities of the relevant country. Your use of the Services constitutes your consent to our transfer of such information to provide you the Services.