Lennox Executive Travel

Call

+44 131 2022 400

Privacy Policy

General Data Protection Regulation (GDPR) Policy

Lennox Executive Travel

  1. Purpose of the Policy

This policy outlines how Lennox Executive Travel complies with the General Data Protection Regulation (GDPR) to ensure the lawful, fair, and transparent processing of personal data.

 

  1. Scope

This policy applies to all staff, contractors, and third parties involved in collecting, processing, or storing personal data on behalf of Lennox Executive Travel.

 

  1. Data Collection and Processing
  • Personal Data Collected:

Lennox Executive Travel collects names, email addresses, phone numbers, and payment details for bookings, reservations, marketing purposes, sales, and enquiries.

  • Sources of Data:

Data is collected via email, the company website, and phone calls.

 

  1. Legal Basis for Processing

Lennox Executive Travel processes personal data under the following legal grounds:

  • Contractual Obligation: To facilitate bookings and provide services.
  • Legitimate Interests: For marketing and business communication.
  • Consent: Where explicit permission is obtained (e.g., for email marketing).

 

  1. Data Sharing
  • Personal data is shared with banks solely for payment processing.
  • Data is not shared with third parties for marketing or other purposes unless explicit consent is obtained.

 

  1. Data Retention Policy

Lennox Executive Travel retains personal data as follows:

  • Booking and Reservation Data: Retained for 6 years to comply with accounting and legal obligations.
  • Marketing Data: Retained until consent is withdrawn or after 2 years of inactivity.
  • Payment Information: Retained for 12 months post-transaction unless longer retention is required by law.

Personal data will be securely deleted or anonymized once retention periods expire unless retention is required for legal claims or compliance.

 

  1. Rights of Data Subjects

Under GDPR, customers have the right to:

  • Access: Request a copy of their personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of their data (“Right to be Forgotten”).
  • Restriction: Limit processing of their data.
  • Data Portability: Receive their data in a portable format.
  • Object: Challenge data processing for marketing purposes.

Requests can be made via email or the website’s contact form.

 

  1. Procedure for Verifying Data Subject Requests

To ensure authenticity and protect customer data:

  • Identity verification is required for data access, rectification, or deletion requests.
  • Proof of identity (e.g., photo ID or utility bill) must be provided.
  • Requests will be processed within 30 days of verification.

 

  1. Cookies and Tracking

Lennox Executive Travel does not use cookies or other tracking technologies on its website.

 

  1. International Data Transfers

Lennox Executive Travel does not transfer personal data outside the UK.

 

  1. Data Security

Measures are in place to protect data, including secure servers and access control. Staff contracts include data protection clauses to ensure compliance.

 

  1. Data Breaches

In the event of a data breach:

  1. Affected individuals will be notified via email, explaining:
  • The nature of the breach.
  • Data potentially exposed.
  • Steps taken to mitigate the risk.
  • Guidance for protecting personal information (e.g., changing passwords).
  1. The ICO will be informed within 72 hours, including:
  • Details of the breach.
  • Measures taken to address the issue.
  • Potential impacts and mitigation steps.

 

  1. Governance

The Director oversees data protection and handles privacy-related queries. There is no dedicated Data Protection Officer.

 

  1. Complaints

If customers are dissatisfied with how their data is handled, they may contact the company or the ICO.

 

 

Scroll to Top