General Data Protection Regulation
How McTours may use your personal data
Our Data Policy highlights how McTours process and use people's personal data. Ultimately, you have control over how your data is used. If you share your data with McTours you can rest assured that we will treat your data with respect, only use for the purpose it was supplied, we will not share with others without your prior consent all data is transmitted securely and encrypted. We will only use your personal information to administer your account and:
- Keep you informed about details of any tour you have booked.
- Deliver the tour, product or service you have requested from us.
- Advise you about other tours, products or services we may offer that could be of interest to you.
We may track data around email interaction to understand whether communications have reached you. We may combine data from other sources into one place, to deliver a more personalised experience to you.
Any person who has chosen to share data with McTours should be aware of their rights as outlined in these EU rules
If you have supplied personal data to McTours at any time then upon request we will detail what we have retained. If you see no reason why we should still hold your data we will irretrievably destroy any personal data we hold about you upon request. Taking a less drastic step you can simply object to any processing of your personal data for marketing purposes or you can impose restrictions on how we hold or process your personal data. If there is a reason why we cannot comply (e.g. it is alleged you were involved in a traffic violation during one of our tours and we are working with the authorities to resolve) we will state the reason and offer a time scale when we expect a resolution. We will always reply to any data access request within 28 days.
The General Data Protection Regulation (GDPR) will apply to companies who are based in the EU and global companies who process personal data about individuals in the EU from 25 May 2018. These regulations create consistent data protection rules across Europe. McTours Ltd re already fully compliant with GDPR and as you might expect with all other data protection laws affecting our business operation.
Photographs and video’s taken on tours may be shared on a multitude of social media platforms not only by McTours but also by others who took part in the event. You will appreciate that we have little control over how widespread the sharing of such data can extend. If you allow the images to be taken you are freely giving, specific, informed and unambiguous consent to their use. If you cannot agree to this then please let your fellow travellers know. If you grant consent and withdraw it later we process what we control but will not have control to remove all instances of shared material because we are not the data controller for that material.
We will not share your details with any third party without you prior consent e.g. we may need to supply your driving license details to a rental partner.
We take steps to ensure that any businesses that we work with have security protocols and policies in place to manage and record any of your data that we share with them to ensure your privacy and preferences are appropriately respected and that your data is stored correctly and securely.
Under the General Data Protection Regulation you have the rights:-
- Right to be forgotten: Users can request to have all their data deleted.
- Explicit Consent: Businesses must request consent to collect, use and move data.
- Mandatory data breach notifications: The authorities and users must be notified of data leaks within 72 hours.
- Privacy by Design: Privacy and data protection is a key consideration at the start and throughout a project lifecycle.
- Data Protection Officer: Large enterprises need to employ someone dedicated to managing data protection.
McTours is a small business and does not require this but we will ensure that any of our trading partners who require a Data Protection Officer have one before we share any data with them.
You may request:
- Copies of your data
- Rectification of any errors in your data
- Erasure of your data
- Object to us or restrict us from processing of your data
- and where our systems allow give electronic access to copies of your data in a digital format.