- 26 Sep 2024
- Print
- PDF
Privacy Policy
- Updated on 26 Sep 2024
- Print
- PDF
Welcome to “https://www.weski.co.uk“ (the “Website”), an online portal that lets you search for and book snow-ski and other package holidays that we have available for sale.
WeTrip Limited (referred to herein as 'WeTrip', 'we', 'us' or 'our') respects your privacy and is committed to protecting your personal data through our website www.weski.co.uk (the 'Website').
We own and operate this Website, which we use as an online portal that lets Website visitors ('you') search for and book snow-ski and other package holidays that we have available for sale (collectively, our 'Travel Services'). The Website is used to display, market and promote, offer for sale and sell Travel Services on and through it. Our goal is to provide you with the best possible Travel Services and customer experience – all the personal data that we process is in pursuit of these aims.
This Privacy Policy (the 'Policy') explains our privacy practices for the services we offer through our Website, including how we look after your personal data when you visit our Website (regardless of where you visit it from) and it tells you about your privacy rights and how the law protects you.
It is important that you read this Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Policy supplements the other notices and is not intended to override them.
Purpose of this policy
Wetrip Weski Limited is registered with UK Companies House under company number FC036412, representing Wetrip Limited, a foreign entity.
Wetrip Limited is an online travel company registered in Israel with company number 515375988. Wetrip Limited may share personal data collected through this Website with the other companies in its corporate group, including Weski Limited, registered with company number 10908502. This Policy should be read with Wetrip Limited's Website Terms of Service (the “Terms“) and forms a part of them. Please refer to the Terms for more information about how the Website operates. This Policy will also be followed by us in connection with the Travel Services you book though the Website.
Data controller
Wetrip Limited is a “controller“ under the UK's Data Protection Act 2018 and the EU General Data Protection Regulation 2016/679 (the 'GDPR') (together 'Data Protection Law') of any personal data collected through the Website or in connection with the Travel Services WeTrip offer through the Website.
Contact details
Our full details are:
Full commercial name: WeSki
Privacy Manager: David Benzimra
Email address: contact@weski.com
Phone number: +44 (0) 20 3991 1273
If you have any questions or complaints please contact us.
You also have the right to make a complaint at any time to the Information Commissioner's Office(ICO), the UK supervisory authority for data protection issues(www.ico.org.uk).
Changes to the policy and your duty to inform us of changes
Please note that this Policy may be updated from time to time, so please remember to check back on a regular basis. This version was last updated on May 1st, 2024. When we do make changes to this Policy we will state so on the Website.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party links
The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy/notice of every website you visit.
The data we collect about you
Under Data Protection Law, personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together in the following broad categories:
- Identity Data - includes details required for registering with the Website, such as first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, nationality, passport details.
- Contact Data - Data includes email address and telephone numbers.
- Financial Data - includes bank account and payment card details as well as Paypal details or other methods of payment. These details will be processed through a third party billing provider.
- Transaction Data - Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data - includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data - includes your username and password, your interests, preferences, feedback and survey responses.
- Usage Data - includes information about how you use our website, products and services.
- Marketing and Communications Data - includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Aggregated data
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data has been anonymised and does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Special categories of personal data
Data Protection Law recognizes that some categories of personal data are more sensitive than others and therefore greater care must be taken when processing it.
These Special Categories of Personal Data includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
In the normal course of registering with the Website and booking our products you are unlikely to be required to provide Special Categories of Personal Data. However, in the course of booking, you may also voluntarily provide additional information regarding specific needs or requirements that could be categorized as 'Special Categories' of Personal Data. This could include, for example, information revealing your health (pregnancy, medical condition, dietary requirements, any additional assistance you require etc.), and/or other information which may indicate your personal or private affairs, such as information revealing your religion, ethnicity, sex life or orientation (for example you might request certain foods which would indicate your religion, or ask for hotel or bar recommendations which might indicate your sexual orientation).
Children
We do not knowingly or intentionally collect information about children who are under 13 years of age except when this is provided by the parents or legal guardians of such children. Information which parents or legal guardians may give us includes for example name, date of birth and age, passport number and expiry date and any special requirements for those children which would assist us to provide the Travel Services.
When registering with our Website for the purposes of booking Travel Services you will be asked to disclose your age. By indicating in your online registration that you are 13 or over, you are acknowledging that for the purposes of Data Protection Law you can give valid consent for us to process your personal data and we shall rely on this representation.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Travel Services). In this case, we may have to cancel the Travel Services you have with us but we will notify you if this is the case at the time.
How is your personal data collected
We use different methods to collect data from and about you, including through:
Direct interactions
Only registered users may book Travel Services from us on the Website. You may register by providing Identity, Contact and Financial Data we request for registration.
Additionally you may provide such personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes subscribing to our Website, submitting inquiries to us and providing us with feedback.
When you book Travel Services with us for other people in your group, you will be asked that you provide personal data regarding those other people, such as their names, gender, dates of birth, passport numbers, etc. Before you provide such information, you must lawfully obtain the consent of all those travelling with you to provide us the information for the purposes described in this Policy.
Automated technologies or interactions
We use third party analytics and advertising tools to collect information about your activities on the Website. This includes the information or content that you opened, viewed or clicked on, your session durations, the web pages you accessed, the Internet Protocol (IP) address through which you accessed the Website and the city or town where the computer you used to access the Website is located. For more information, please see the 'Cookies' section of the Policy, below.
Third parties or publicly available sources
We may receive personal data about you from various third parties [and public sources] as set out below:
- Technical Data from the following parties: analytics providers such as Google based outside the EU, advertising networks such as Google based outside the EU and search information providers such as Google based outside the EU
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Braintree and PayPal based outside the EU.
- Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside or outside the EU.
Social media
Like many other organisations, we provide you with an option to register on our Website using your Facebook account. If you choose to register in this way, we will be able to retrieve your profile information from Facebook (including personal data such as your name, profile picture and email address). We will only use this personal data in accordance with this privacy policy, and we can only access the information that Facebook makes available by default to third parties like us.
You may “share“ the details of your booking with your Facebook friends with whom you booked the package. You may also “share“ the details of your bookings on your Facebook wall. In these cases, the details of your bookings will be posted on Facebook and viewable by your Facebook friends, Facebook users, or Internet users in general (according to the particulars of your “share“).
Facebook's use of information is governed by Facebook's privacy policy and controlled by it, not by this Policy or us.
How we use your personal data
We will only use your personal data when Data Protection Law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- In some limited cases we may rely on your consent.
You have the right to object to marketing communications at any time by contacting us.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of the ways we plan to use your personal data, and which of the lawful grounds we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please Contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
---|---|---|
To register you as a new customer on the Website | Identity, Contact | Performance of a contract with you |
To process and facilitate the Travel Services you have booked: Manage payments, fees and charges; Procure the services of our suppliers and Collect and recover money owed to us | Identity, Contact, Financial, Transaction, Marketing and Communications | Performance of a contract with you; Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with you which will include: Sending you "service" vouchers, notices and messages related to Travel Services you booked from us; Notifying you about changes to our terms or privacy policy; Asking you to leave a review or take a survey and Handling enquiries that you send to us regarding our Travel Services or the Website | Identity, Contact, Profile, Marketing and Communications | Performance of a contract with you; Necessary to comply with a legal obligation; Necessary for our legitimate interests (to keep our records updated; to provide our customers with the best possible service; to study how customers use our products/services) |
To enable you to partake in a prize draw, competition, promotional offer or complete a survey | Identity, Contact, Profile, Usage, Marketing and Communications | Performance of a contract with you; Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
To administer, protect and improve our business and this Website including: Troubleshooting; Data analysis such as collecting statistical information about users' experience, including combining personal data to create pseudonymised user profiles; Testing and System maintenance; Technical support and Reporting and hosting of data | Identity, Contact and Technical | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); Necessary to comply with a legal obligation |
To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | Identity, Contact, Profile, Usage, Marketing and Communications and Technical | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy); Consent (cookies) |
To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences | Technical and Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about goods or services that may be of interest to you | Identity, Contact, Usage, Technical and Profile | Necessary for our legitimate interests (to develop our products/services and grow our business); Consent |
To comply with our legal obligations | Identity, Contact, Profile, Usage, Marketing and Communications and Technical | As required by law; Necessary for our legitimate interest to help detect and investigate illegal activities |
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
- You may receive marketing communications from us if:
- You have requested information from us
- Purchased goods or services from us
- If you have created an account on our Website or our satellite sites
- If you have registered your personal data on one of our Apps
- If you provided us with your details when you entered a competition or registered for a promotion or product announcement
And if, in each case, you have not opted out of receiving that marketing.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any company outside the WeTrip group of companies for marketing purposes.
Opting out
You are free to use the options provided in emails we send to you to alter your choices about how we contact you for marketing purposes or to inform us that you no longer wish to receive marketing material (such material sent to you by email contains an "unsubscribe" option that you can click on). These are the quickest and most convenient options. You can also email or call us at any time to change your marketing preferences.
Please note that where you opt out of receiving these marketing messages we may still hold your personal data for other purposes, such as to administer your account or deliver
Travel Services requested by you.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see Section 5 below.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Cookies and other trackers
Various types of cookies and other types of web trackers are used in this Website, to help administer and operate it and to deliver more relevant content and ads more effectively.
These trackers are used for the following main purposes:
- Collect statistical information about your use of the Website, as explained above in the section titled 'Information we collect automatically'
- Collect behavioral information about your surfing on our the Website and other websites which then helps advertisers deliver ads that are more relevant to you (this is known as "retargeting"). These cookies originate from third parties, including Google
- Authenticate you as a registered user of the Website.
You can read more about the types of cookies used by Google and its partners and how they use them. You can also read more about how Google uses advertising cookies.
If you wish to block cookies, you may do so through your browser's settings. You can delete cookies that are already on your computer and you can set your browser to prevent them from being placed going forward.Please refer to the browser's help menu for further information.
Disclosures of your personal data
We may have to share your personal data with the following categories of recipients:
- Companies in our corporate group: our subsidiaries (any organisation we own or control, and/or any organisation that owns or controls us) and any of their subsidiaries. We may share information for purposes including storage and backup of data, coordination of our group marketing campaigns and for other group administrative functions. These companies will only use your personal data as permitted by this privacy policy.
- Suppliers, service providers and advisors: third parties who provide a service to us, for example cloud services providers, Google Analytics, other IT or payment processing services, or our legal and professional advisors. These recipients will only be allowed to use your personal data in order to carry out our instructions or as otherwise required by law.
- Local agents, hotels and travel service providers: we will share personal data required by our local agents, hotels and travel service providers so that they can arrange the Travel Services you request.
- Purchasers of our business: personal data may be disclosed or transferred to buyers or prospective buyers of our business or any of our assets as part of any such sale.
- Regulators, law enforcement, and other parties for legal reasons: sometimes we may be under a legal obligation, or have a legitimate interest, to share your personal data with law enforcement agencies, regulators, or other third parties.
We may provide third parties with aggregate statistical information and analytics about users of our Website or our App, but your personal data will be removed before we do so.
As far as we can, we require all third parties to respect the security of your personal data and to treat it in accordance with the law.
International transfers
We share your personal data within the WeTrip group. If you are based in the European Economic Area (EEA), this will involve transferring your data outside the EEA, to Israel.
Given the nature of our business and the Travel Services that we provide to you, many of our external third parties with whom we have to share your personal data are based outside the EEA, so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA to a destination which has not been deemed 'adequate' by the European Commission, we ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards or derogations applies:
- The transfer is necessary for the performance of a contract between you (the data subject) and WeTrip or the implementation of pre-contractual measures taken at your (the data subject's) request
- You have explicitly consented to the transfer of your personal data out of the EEA
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Data security
Looking after your personal data is a priority for us.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees and third Parties who have a legitimate need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
The unfortunate reality is that there are security threats on the internet and transmitting personal data online cannot be completely secure. While we use our best endeavors to safeguard your online personal data, we cannot guarantee the security of such data when it is transmitted to our website.
Our website may contain links to sites belonging to other organisations. We Endeavour to only share links which maintain high standards when it comes to data protection and privacy. However, we are not responsible for how these organisations manage data privacy, so we encourage you to always refer to their privacy policies.
Data retention
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for (as set out in Section 4), including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see Section 10 for more information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have rights under the Data Protection Law in relation to your personal data. You have the right to:
- Request access to your personal data (commonly known as a 'data subject access request'). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Object to automated-decision making, meaning decision-making which takes place when an electronic system uses personal data to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
As mentioned in Section 8 on Data Security, our Website may from time to time contain links to and from the websites of partner networks. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How to exercise your rights
If you want more information about or wish to exercise any of the rights set out above, please contact us using the details set out Section 1.
No fee usually required
We will not charge you a fee for the legitimate and reasonable exercise of these rights, such as a subject access request. However we reserve the right to charge a reasonable fee for requests which we deem to be clearly unfounded, disproportionate/excessive or repetitive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
Subject access requests can only be processed if you provide us with the necessary information. You will need to provide us with:
- Your name and postal address
- A photocopy of your passport or driving licence, so that we can verify your identity
- Your signature (or email signature) and the date of your request
- If you are applying on behalf of another individual, a signed authority from that individual
- Any further details which may help us locate the information you are requesting, for example: Booking reference or vacation location and dates, Membership/account number, Your email address and If you have called us on the telephone then the number you called from, the number and option you dialed and the date and time of your call.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.