COVID-19 Travel Guidelines: In the current situation, OnGoEazy encourages its customers to ensure 'Safe Travel'. Check how the new guidelines may affect your travel click here
As the policy is in a layered format, you can re-route to the particular areas set out below with just a click. For better clarification, some of the terms are present in the policy. Please check the Glossary at the end.
1. IMPORTANT INFORMATION AND WHO WE ARE
In case of any concerns regarding the usage of your personal data, you may send a complaint to the Information Commissioner Office (ICO). The supervisory authority of the UK is accountable to protect and manage the data and address issues related to it (www.ico.org.uk). However, we would prefer to deal with your issues to address them before you contact the ICO. So if you have any concerns, please contact OnGoEazy first.
DATA WE COLLECT ABOUT OUR CUSTOMERS
By definition, personal information is data about an individual that can identify an individual by OnGoEazy. We gather, store, use and transfer personal data grouped as follows:
Identity Data: The information including a username, first name, last name with the passport number, title, marital status, gender and date of birth. To get all this information, we may need your passport copy.
Contact Data: The information comprises your delivery address, billing address, email address and contact number.
Financial Data: It has information about payment card and bank account details. WorldPay processes your payments, and we do not retrieve your financial data.
Transaction Data: The payment details and other data of the services purchased from us.
Technical Data: It includes login data, the IP address, and browser type with the version, operating system, time zone setting and location and other technologies on the device used by you to access this website.
Profile Data: It has the username and password, the preferences, interests, feedback and survey responses.
Usage Data: The details of your website use and services.Marketing and Communications Data includes information about your communication and receiving marketing preferences.
We gather, use and share Aggregated Data such as demographic or statistical data for marketing purposes. Aggregated Data is personal data that is not personal as per the law. It does not reveal your identity. For example, we may have your Usage Data, and from that, we may calculate the percentage of users using a specific website feature. If we accumulate Personal Data and Aggregated Data to identify you, it is treated as the combined data. It includes your personal data and is only according to the policies written under this Privacy Notice.
Under the Special Category of Personal Data, we gather relevant details to offer the services purchased with us. It includes information about dietary, health or medical support requirements (e.g. wheelchairs or oxygen). Additionally, we may also need a clearance prescription from your doctor to travel with a medical condition that includes pregnancy for more than 28 weeks. Apart from that, we do not use or collect data about ethnicity, race, sexual preferences, religion, orientation or political opinions etc.
IF YOU FAIL TO SHARE YOUR PERSONAL DATA WITH US
By law, if we need to gather your personal data to complete your booking request and due to any reason and you fail to provide it, we may not be held accountable for our inability to deliver our services or to offer you your requested bookings. However, we will notify you in this particular case about your request being cancelled by us.
HOW IS PERSONAL DATA COLLECTED?
Various methods used to gather data from you includes:
Direct interactions: You give us your Name, Contact and Financial Details while you fill in forms with us by post, phone, email or otherwise including:
We share your data about the requirements and travel arrangements from third-party suppliers. It is needed to coordinate with flights booked directly with the airline.
When you use our website your Technical Data or interactions on the site, your browsing device and pattern is saved. It is done with the help of cookies and similar technologies about which you can read in our updated Cookies Policy. If you visit our website using our cookies, we get your Technical Data.
Third-party or publicly available sources. We at OnGoEazy may get your personal data from third parties, as set out below:
Technical Data: (a) analytics [such as Google];
(b) advertising networks; and
(c) search information providers
Financial, Contact and Transaction Data from delivery and payment services such as WorldPay
When you book on behalf of someone else through OnGoEazy, we ask for travel preferences with personal information of everyone in the booking. Before sharing these details with us, you should ask for their consent and only after that disclose the information to us. If they feel like deleting or modifying their information, they may directly contact us or their data is accessible through your account.
HOW WE USE YOUR PERSONAL DATA
Based on the law, we are permitted to process your personal information, and we use your personal data only if the law permits us to do so. We use your personal details in the below-mentioned cases:
Legitimate interest refers to our interest in conducting and managing our business, enabling us to give you excellent service and a secure experience. Before using and processing your personal data, we try to balance any potential impact on you and your rights. We make sure your personal details are not for our interests that override the impact on you (unless we have your permission). You can collect further information about how we evaluate our legitimate interests against any potential impact on you concerning specific activities by contacting us.
Performance of Contract
It means to process your data to perform and deliver your service to which you are a party or to take steps to fulfil your request before entering into such a contract. Comply with a regulatory or legal obligation intended at processing your personal information where necessary that we are subject.
We do not rely on permission only as a legal basis to process your personal details other than sending you third-party direct marketing communications via emails. If you do not want to receive that, you must withdraw the permission to market at any time by contacting us on the given details.
Purpose To Use Your Personal Data
The below-mentioned are the ways we plan to utilize your personal data. Under the same, we have listed our legitimate interests for your details. We process your personal information for more than lawful grounds depending on the purpose of data use.
|Type of data
|Lawful basis for data processing including legitimate interest
|New customer registration
|Complete the requested services with you
|To complete the travel booking:
Payment management, fees and charges
Information about status updates about the service booked through us
Share the information with the suppliers to complete your booking
Collecting the payments that you owe us
(e) Marketing and Communications
|(a) Complete the services request
(b) Necessary for legitimate interests or recover due payments
|Customer relationship management:
(b) Asking for a service review
(d) Marketing and Communications
|(a) Complete the services request
(b) Necessary to comply with but under a legal obligation
(c) Necessary under legitimate interests to keep our data updated and insights on how users are using the website.
|To protect our business or the website (including troubleshooting, data analysis, testing, system maintenance, support, data hosting)
|(a) Necessary for our legitimate interests to run our business, network security, fraud prevention
(b) Necessary to comply with under a legal obligation
|Deliver website content and advertisements to our customers and measure the effectiveness of the served advertisement
(e) Marketing and Communications
|Necessary for legitimate interests to know how the customers use our services, to grow the business and to enhance our marketing strategy
|Use data analytics to improve our website, services, marketing, customer relationships and management
|Necessary for legitimate interests to define types of customers, to keep the website updated and relevant, business development
|Suggest and recommend services of your interest
|Necessary for legitimate interests to develop our services and grow the business
We give you an option to select the personal data uses, specifically for advertising and marketing. OnGoEazy lets you decide the marketing material you want to receive from us and if you opt-out of receiving it.
PROMOTIONAL OFFERS FROM US
We utilize your usage, name, contact and profile data. All the data is used to create a view and decide what you want, need or what is your interest. With this data, we decide the offers and services that may be necessary for you. We send marketing communications you have asked from us or information about the booked travel services on the details you shared with us. In this case, you have accepted receiving our marketing emails.
You send us an opt-in permit, and after receiving it, we share your personal information with any company outside the OnGoEazy for any purpose.
To opt out of receiving our marketing emails, you can ask us or the third party to stop sending emails by writing to us and changing your marketing preferences. It can be done by contacting us with the provided information. When you opt-out from receiving marketing messages, the same will not apply to personal details that we receive to make a booking or any other transactions.
CHANGE OF PURPOSE
We use your personal information for reasons we consider legitimate or for purposes similar to the booking confirmation. If you need any explanation related to the process for another reason, please feel free to contact us. If we use your personal information for an unrelated purpose, we will notify you.
5. DISCLOSURES OF YOUR DATA
We may share your details with the parties for the below-listed reasons: Internal Third Parties: Companies in the OnGoEazy acting as joint controllers and provide IT and system administration services or undertake leadership reporting.
External Third Parties: Travel service provider companies comprising hotel operators, airlines and similar businesses to complete your booking request. Data processors or service suppliers based out in the United Kingdom or European Economic Area (EEA).
Third parties to whom we transfer, sell, or merge our assets or our business. We may acquire other businesses or collaborate with them and share your information with their employees. All the third parties connected with us respect the security of your personal information and treat it by the law or as mentioned under this policy. We do not permit third parties to use your personal details for any other purpose except the one specified under our instructions.
We share your personal information within OnGoEazy. It includes transferring your data outside the EEA.
We ensure that your personal information is safe with us, and we follow the instructions while processing it. It is known as “binding corporate rules”. For more details, see European Commission: Binding corporate rules.
Our external third parties like hotels and airlines outside the EEA. They may process your personal details and transfer them outside the EEA. If we transfer your personal data out of the EEA, we make sure that a similar degree of protection guaranteed as you get here under the EEA law:
Personal data transfer to countries deemed to offer a sufficient level of protection for personal information by the European Commission.
If we use service suppliers, we may use the approved use of details by the European Commission. Under this policy, you will get the exact level of protection as in Europe. For further details, read the European Commission: Model contracts for transfer of personal information to third-party countries.
If we make use of service suppliers of the U.S., we transfer details to them only if they are a part of the Privacy Shield as per our policies. If they offer a similar level of protection to personal information shared between the U.S. and Europe.
In certain situations, we believe that the transfer is compulsory for our contract with you. For example, if a booking is made by us with a service provider outside the EEA or with your consent, which we seek and inform you about the circumstance. In such a case, you require any further details on the particular procedure used by us to transfer your personal information out of the EEA, feel free to contact us.
We have sufficient security measures helping in intercepting your personal data from being accidentally accessed or used in an unethical way. We limit our employees and third parties connected with us from accessing and using your personal details by any means. If they require your personal data, they utilize it on our instructions and are liable to a duty of confidentiality under this policy. We practise various procedures to deal with breach of the suspected data and notify you in case of any such activity.
We keep your personal data for as long as it is needed. We use it to provide services you requested comprising any accounting, legal or reporting requirements. The potential risk or harm from unethical usage is the deciding factor to disclose your personal data. We use your personal details used in previous transactions to offer the best possible service when you book with us again. As per the law, we have to keep your basic personal information for at least six years. After that, you cease the information being our customers, and this is for tax purposes. If you do not book with us again for more than six years, your data is deleted from our servers.
In certain conditions, you may ask us to delete your details. Sometimes we may anonymize your personal data and use it for statistical or research purposes. We use these details without any further notice to you.
YOUR LEGAL RIGHTS
In some situations, you have certain rights under data protection policies concerning your personal data. With this, you may: Request to access your personal information (generally known as 'data subject access request'). Under this policy, you receive a copy of your personal details we hold and check if we are processing it ethically and according to the laws. You can ask us to modify or correct your personal data. Under this, you have the right to get any inaccurate or incomplete data rectified. We will authenticate the accuracy of the new details and then complete the request.
Request to delete your personal information from our servers. You do not require any reason for the same and ask us to stop processing it.
Note: We may not be able to act following your request of deleting your personal details for any legal reasons, and we notify you at the time of the request.
When processing your personal information, we rely on a legitimate interest and your specific situation under which you want to question the processing. This objection should have the ground where it might impact on your fundamental right or freedom. If you have problems with direct marketing, your right to object is acceptable. In scenarios like this, we may demonstrate that we have legitimate grounds to process your data.
Also, you may request the processing of your personal data restriction. You may request us to stop the processing of your personal details on the below-mentioned grounds:
(a) to establish the accuracy of the data;
(b) unlawful use of the personal data;
(c) to keep hold of the data even if we no longer need it, exercise or defend legal claims;
(d) you have an objection to the use of your personal information but we require legitimate grounds to use it.
You may withdraw your permission at any time to process your personal information. Although, this will not affect the authority of any processing carried out before your withdrawal. Your withdrawal may lead to our lack of ability to offer you certain services. When you withdraw your consent, we will inform you about the process. If you still want to go ahead and practice any of the rights mentioned above, please contact us.
WHAT WE MAY NEED FROM YOU
We ask you for specific data to confirm your identity and ensure that you have the right to access your personal data (or any rights). For us, this is a security measure to make sure that personal information is not disclosed to any other individual who has no legal rights to it. We will contact you to ask you for further details about your request to speed up the response and process.
TIME LIMIT TO RESPOND
We respond to all the legitimate requests within 30 days from the day when the request is made. However, it may take longer than a month if your request is complex or you have made multiple requests. In these kinds of cases, we will keep you updated.