Data Protection
General Data Protection Regulation
How McTours may use your personal data
Last updated: 14th April 2026Data Protection and Privacy Policy
Last updated: April 2026
1. Introduction
McTours Ltd ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller Details:
- Company Name: McTours Ltd
- Registered Office: 23H Hughenden Drive, Glasgow, G12 9XZ, Scotland, UK
- Trading Address: 8 Mossland Drive, Hillington Park, Glasgow, G52 4FA, Scotland, UK
- Contact Email: hi@mctours.eu
- Privacy Enquiries: privacy@mctours.eu
- Telephone: +44 (0)141 416 0230
2. What Personal Data We Collect
We collect and process the following types of personal data:
2.1 Information You Provide Directly:
- Contact Details: Name, email address, telephone number, postal address
- Booking Information: Tour preferences, travel dates, number of riders/pillions, special requirements
- Payment Information: Billing address (payment card details are processed by our secure payment provider and not stored by us)
- Travel Documents: Driving licence details (when required for motorcycle rental or third-party services)
- Communications: Enquiry messages, booking notes, customer service correspondence
2.2 Information We Collect Automatically:
- Website Usage Data: IP address, browser type, pages visited, time spent on pages (via Google Analytics and Microsoft Clarity)
- Cookies: See our Cookie Policy for details
2.3 Photographs and Videos:
- Images and videos taken during tours may be used for marketing purposes with your consent (see Section 7 below)
3. How We Use Your Personal Data
We process your personal data for the following purposes, based on the legal grounds outlined:
- Processing bookings and enquiries
- Legal Basis: Performance of a contract / Legitimate interest
- Delivering tours and services
- Legal Basis: Performance of a contract
- Communicating about your booking (confirmations, updates)
- Legal Basis: Performance of a contract
- Processing payments
- Legal Basis: Performance of a contract
- Sending marketing communications (only with consent)
- Legal Basis: Consent
- Improving our website and services (analytics)
- Legal Basis: Legitimate interest
- Complying with legal obligations (e.g., tax, accounting)
- Legal Basis: Legal obligation
- Investigating complaints or incidents
- Legal Basis: Legitimate interest / Legal obligation
We will never:
- Share your data with third parties for their marketing purposes without your explicit consent
- Sell your personal data
- Use your data for purposes incompatible with those stated at the time of collection
4. Who We Share Your Data With
We may share your personal data with the following third parties, but only when necessary:
4.1 Service Providers:
- Email Service Providers (for sending booking confirmations and communications)
- Payment Processors (secure third-party providers who process card payments)
- Web Hosting Providers (to maintain our website infrastructure)
- Analytics Providers (Google Analytics, Microsoft Clarity – anonymised data only)
4.2 Tour Partners:
- Motorcycle Rental Companies (when you hire a motorcycle through us – we share driving licence and contact details)
- Accommodation Providers (to confirm bookings)
- Local Tour Guides or Support Services (where applicable)
4.3 Legal Obligations:
- Law enforcement or regulatory authorities (if required by law or to protect our legal rights)
All third parties we work with are required to:
- Process your data securely and in accordance with UK GDPR
- Only use your data for the specific purpose we shared it
- Delete or return your data when no longer needed
5. How Long We Keep Your Data
We retain your personal data for the following periods:
- Enquiries (not converted to bookings)
- 2 years from enquiry date
- Bookings and tour records
- 7 years (for accounting and legal purposes)
- Marketing consent records
- Until consent is withdrawn, then 1 year for audit purposes
- Website analytics (anonymised)
- 26 months (Google Analytics default)
- Motorcycle rental records
- 7 years (insurance and legal purposes)
After the retention period expires, we securely delete or anonymise your data.
6. Your Data Protection Rights
Under UK GDPR, you have the following rights:
✅ Right of Access
Request a copy of the personal data we hold about you (free of charge).
✅ Right to Rectification
Request correction of inaccurate or incomplete data.
✅ Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data (subject to legal retention obligations).
✅ Right to Restrict Processing
Request that we limit how we use your data (e.g., keep it but not process it).
✅ Right to Data Portability
Request a copy of your data in a structured, machine-readable format (where technically feasible).
✅ Right to Object
Object to processing of your data for marketing purposes or based on legitimate interests.
✅ Right to Withdraw Consent
Withdraw consent for marketing communications or data processing at any time (does not affect lawful processing before withdrawal).
How to Exercise Your Rights:
- Email: privacy@mctours.eu or hi@mctours.eu
- Post: McTours Ltd, 8 Mossland Drive, Hillington Park, Glasgow, G52 4FA, Scotland
- We will respond to all requests within 30 days (we may request proof of identity to verify your request)
7. Photographs and Videos Taken on Tours
7.1 Consent
By participating in a tour, you grant specific, informed, and unambiguous consent for McTours and fellow participants to capture and share photographs/videos on social media platforms (e.g., Facebook, Instagram, YouTube).
7.2 Withdrawal of Consent
If you wish to withdraw consent:
- Before the tour: Inform your tour guide at the start
- After the tour: Contact us at hi@mctours.eu
We will remove images we control, but cannot control images already shared by other participants on third-party platforms (as we are not the data controller for that content).
7.3 Opting Out
If you do not consent to being photographed, please inform your tour guide and fellow participants at the start of the tour.
8. International Data Transfers
We primarily store data within the UK/EU. If data is transferred outside the UK (e.g., to cloud hosting providers such as Microsoft based in the USA), we ensure adequate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO)
- Adequacy decisions (countries deemed to have equivalent data protection standards)
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption (SSL/TLS for website transmission, encrypted databases)
- Access Controls (restricted access to personal data on a need-to-know basis)
- Regular Security Audits (monitoring for vulnerabilities)
- Secure Payment Processing (PCI-DSS compliant third-party providers)
9.1 Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights, we will:
- Notify the ICO within 72 hours (as required by law)
- Notify affected individuals without undue delay
- Take immediate steps to mitigate harm
10. Cookies and Website Analytics
We use cookies to improve website functionality and analyse usage. See our Cookie Policy for details on:
- Types of cookies used (essential, analytics, marketing)
- How to manage cookie preferences
- Third-party analytics (Google Analytics, Microsoft Clarity)
11. Marketing Communications
We only send marketing emails (tour updates, special offers) if you have explicitly consented via:
- Enquiry or booking forms (GDPR consent checkbox)
- Subscription to our mailing list
You can unsubscribe at any time by:
- Clicking "Unsubscribe" in any marketing email
- Emailing hi@mctours.eu
- Updating your preferences (if we implement a preference centre)
12. Children's Privacy
We do not knowingly collect personal data from individuals under 16 without parental consent. If you believe we have inadvertently collected such data, please contact us immediately at privacy@mctours.eu.
13. Changes to This Policy
We may update this policy periodically to reflect:
- Changes in UK GDPR or data protection laws
- New business practices or technologies
- Feedback from regulators or users
Effective Date: Changes take effect on the date posted. We encourage you to review this policy regularly.
14. Complaints and Contact
If you believe we have not handled your data correctly, you can:
14.1 Contact Us:
- Email: privacy@mctours.eu
- Post: McTours Ltd, 8 Mossland Drive, Hillington Park, Glasgow, G52 4FA
14.2 Lodge a Complaint with the ICO:
If we cannot resolve your concern, you have the right to lodge a complaint with the UK's data protection authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
15. Summary of Key Points
Your Rights
- ✅ Access your data
- ✅ Correct inaccurate data
- ✅ Delete your data
- ✅ Object to marketing
- ✅ Withdraw consent anytime
- ✅ Complain to the ICO
How We Protect You
- ✅ Encrypted data transmission
- ✅ Secure storage (UK/EU servers)
- ✅ Limited data retention periods
- ✅ Easy unsubscribe options
- ✅ Transparent consent processes
- ✅ Responsive privacy team
For any questions about this policy, contact:
Email: privacy@mctours.eu
Phone: +44 (0)141 416 0230