Privacy Policy

Heritage Golf Travel (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at heritagegolftravel.co.uk, make an enquiry, or book a golf travel experience with us.

We are registered in England and Wales under Company No. 16456639, with our registered address at 167 Leziate Drove, Ashwicken, Norfolk, England, PE32 1LU.

This policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully. If you have any questions, contact us at privacy@heritagegolftravel.co.uk.

We may collect and process the following categories of personal data:

• Identity data: first name, last name, title, date of birth.
• Contact data: email address, telephone number, postal address.
• Travel & booking data: passport details, travel preferences, dietary requirements, accessibility needs, golf handicap, and other information relevant to arranging your trip.
• Financial data: payment card details (processed securely via our payment provider; we do not store full card numbers).
• Technical data: IP address, browser type and version, time zone, browser plug-in types, operating system, and other technology on the devices you use to access our website.
• Usage data: information about how you use our website, products, and services.
• Marketing & communications data: your preferences in receiving marketing from us and your communication preferences.

We do not collect any special category data (such as health information) unless it is strictly necessary to arrange your travel and you have given us explicit consent to do so.

We collect data through the following means:

• Direct interactions: when you complete an enquiry form, email us, call us, or correspond with us by post.
• Automated technologies: as you interact with our website, we may automatically collect technical and usage data. We collect this data using cookies and similar technologies — see our Cookie section below.
• Third parties: we may receive data about you from analytics providers, advertising networks, and search information providers.

We use your personal data for the following purposes and on the following legal bases:

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose.

We may share your personal data with the following categories of third parties where necessary to deliver your travel experience or operate our business:

• Golf courses, hotels, and resorts included in your itinerary, for the purpose of making reservations on your behalf.
• Transport providers (private car, helicopter, or other executive transport) where arranged as part of your trip.
• Payment processors who provide secure payment infrastructure.
• IT and technology service providers who support our website and business systems.
• Professional advisers including lawyers, accountants, and insurers.
• Regulatory authorities where required by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

We do not sell your personal data to any third party.

Some of our third-party service providers are based outside the UK. Where we transfer your personal data outside the UK, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

• Transferring to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government.
• Using specific contracts approved by the UK Information Commissioner's Office (ICO) which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

In general, we retain:

• Booking and financial records for 7 years following the completion of your travel, in line with HMRC requirements.
• Enquiry data (where no booking results) for up to 2 years.
• Marketing preferences until you withdraw consent or unsubscribe.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access — to request a copy of the personal data we hold about you.
• Right to rectification — to request correction of inaccurate or incomplete data.
• Right to erasure — to request deletion of your personal data in certain circumstances.
• Right to restrict processing — to request that we suspend processing of your data in certain circumstances.
• Right to data portability — to request transfer of your data to you or a third party in a structured, machine-readable format.
• Right to object — to object to processing of your personal data where we rely on legitimate interests.
• Rights related to automated decision-making — we do not use automated decision-making or profiling that produces legal or similarly significant effects.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at privacy@heritagegolftravel.co.uk. We will respond within one calendar month. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk or by calling 0303 123 1113.

Our website uses cookies and similar tracking technologies to distinguish you from other users and to improve your experience. Cookies are small text files placed on your device.

We use the following types of cookies:

• Strictly necessary cookies: required for the website to function and cannot be switched off. They are usually set in response to actions you take, such as setting your privacy preferences or filling in forms.
• Performance cookies: allow us to count visits and traffic sources so we can measure and improve the performance of our site (e.g. Google Analytics).
• Functional cookies: enable the website to provide enhanced functionality and personalisation.
• Targeting cookies: may be set through our site by our advertising partners to build a profile of your interests.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These include:

• SSL/TLS encryption for all data transmitted via our website.
• Access controls limiting who within our organisation can access personal data.
• Regular review of our information collection, storage, and processing practices.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by law.

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. Where changes are significant, we will provide a more prominent notice.

We encourage you to review this page periodically to stay informed about how we protect your information.