The 1998 Data Protection Act regulates the processing of personal data whether held electronically or in printed form. Cruising Excursions Limited is registered as a Data Controller under the Act and complies with the Data Protection Principles set out in the Act.
The company needs to process personal information about its customers to allow it to complete travel bookings, to facilitate delivery of tickets, administrate accounts, and keep customers informed of our activities. In addition data may be transferred outside of the European Union where such data is necessary for Cruising Excursions Ltd to complete a contract transaction with the data subject, or where it is required by a supplier to provide services covered by a contract with the data subject. Corporate information is not subject to the Data Protection Act.
All data subjects are entitled to know what information the company holds and processes about them and why; how to gain access to it; how to keep it up to date; and what the company is doing to comply with its obligations under the 1998 Act. All data subjects have the right to access any personal information kept about them by the company, either on computer or in a manual filing system. Some information can be accessed automatically by the data subject if they hold an authorised logon password. For information not automatically available, a subject access request may be made in writing only to the Data Protection Manager. The company may assert the right to make a charge on each occasion that such access is requested. In such cases a maximum charge of £10 would apply.
The company aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within 21 days unless there is good reason for delay (and in any event within 40 days). When a request for access cannot be met within 21 days, the reason will be explained in writing to the data subject making the request. All data subjects have the right to request that their information be amended, erased or not used to make contact with them for marketing purposes. However Cruising Excursions Ltd cannot alter information used as part of a past contract between the data subject and the company (for example a travel booking). The 1998 Act sets down a formal procedure for dealing with data subject access requests, which the company follows.
It is a condition of registration of members, affiliates, and direct purchase customers that they agree to the company's processing of specified classes of personal information. In general files will be kept for the period of the data subject's involvement with the company, and will be reviewed regularly to ensure the data is deleted when it is no longer necessary for processing.
Further details are available from the UK Compliance Officer (see below).