Privacy policy
1. The identity and contact details of the data controller
Your data will primarily be controlled by: The Blue Yonder
Company registration number: U63030KL2022PTC076517
Trading address:
Ambour and Mylu Holidays Private Limited
House No. 20/94, Pallavi House, Triprangode PO, Alathiyur, Malappuram, Malappuram. Kerala India 676102
* The Blue Yonder is a tour operator and travel agent, providing travel products (holiday packages) and other travel services by using third-party travel service providers. Therefore, in case of a booking (any reservations to be made on behalf of the customer) certain data will have to be forwarded to third-parties, so that the services can be provided in favour of the customer. The volume and items of data to be forwarded may vary depending on the nature of service(s) to be provided. See below for more details.
2. The contact details of the person in charge of data protection matters at our organisation
Mr. Gopinath Parayil
Founder
The Blue Yonder
Phone: +91 90475 23960
E-mail: gopi@theblueyonder.com
3. The reason we are processing your data and the legal basis on which we are processing it
Consent
When using our website, over the phone or via email we do ask for your consent for using your data, either electronically (by asking you to check boxes during the enquiry / booking process), or over the phone or in writing in the form of an email, fax or postal letter. Without obtaining your consent in either format we cannot, and we will not use your data.
Your consent to data processing and/or holding will be tracked and documented, this will include when, how and for what purpose you have approved us using your data, as well as when, how and to what extent you tell us otherwise.
Data Processing
Processing your data is necessary to be able to obtain and provide you with the travel services you have initially enquired about, followed by your acceptance and agreement to our booking terms and conditions.
Travel services cannot be booked without certain personal details, in most cases service providers require the correct and full names, date of birth, nationality, however often a wider range of information is required and to be passed on to the (third-party) * service providers.
* You can read below about providing your data to third parties.
Also, when you make a booking with us, it is required by the law that we do to take more details of the “lead passenger”, such as full address and further contact details, such as phone number(s), email address(es), in some cases passport details, which may be required for all passengers in the party.
According to policies and legal requirements tour operators are regulated by, these details then must appear on the documentation issued in relation to the booking, such as the detailed confirmation (showing all members of the party and all services booked), the invoice, the certificates and on tickets, vouchers etc.
We may also use the postal and email address you give us to send you confirmation and itinerary documentation.
We will use the name and contact details of people you have identified as ’emergency contacts’ as well as details of your travel insurance policy to contact relevant individuals and insurance companies in the event of an emergency involving you.
Your credit / debit card or other payment details may be used to take authorised payments for your travel arrangements or to process refunds.
We need to understand any special requirements you have (such as those relating to any dietary requirement, disability or medical condition) so that we can check that the travel arrangements you have selected are appropriate for you. Where appropriate, and with your specific consent, we will pass this information on to the suppliers of your travel arrangements so that they can plan your travel requirements effectively.
The passport details of all members of the travelling party will be used to book flights and to expedite immigration processes when possible. If we ask for your mother’s maiden name, it will be used to obtain any visa necessary for your travel.
We may also pass on other information relating to you for immigration, security and anti-terrorism purposes; or for any other purposes which a government authority determines appropriate or to comply with a relevant legal or regulatory obligation that we have. For example, in some countries, we are required to provide Advance Passenger Information to border control, customs and law enforcement officers at ports of entry and exit on your itinerary.
We may pass selected information to organisations who act as “data processors” on our behalf in order to provide you with our services. These functions include direct marketing, administration, customer care, website hosting and the re-organisation/structuring/sale of our business.
These third parties have agreed to confidentiality obligations and to use any personal information we share with them or which they collect on our behalf solely for the purposes of providing their service to us.
If you would like to withdraw your consent to our use of the information as set out above, you should inform us as soon as possible by writing to us at the above address. But please note the implications if you withdraw your consent to us using your information as described. Without processing your data we are unable to provide you with the services requested, in fact we cannot even proceed with your booking.
Should you fail to provide us with the data requested, solely and simply we will be unable to book services in favour of you and your party. In this case, we will have no choice but to reject your booking and all your details already collected will be deleted immediately. Should you still wish to book with us, a new enquiry will have to be initiated and be ready to provide us with the requested set of data.
We would also like to point out that The Blue Yonder is not responsible for any incorrectly provided data, such as incorrectly spelled names, date of birth (including deliberately providing incorrect dates for passengers to be classified as infants / children / teens merely to get a better price).
We will only use your information for marketing purposes if you give us your explicit consent (which we will collect separately). We will never share information about you with third parties for their own marketing purposes.
Data Holding (Storing)
If you have enquired about any of our travel products (holiday packages) and / or travel services offered using our website, or over the phone, or via email or via any form of communication:
a) In case of materialisation (your enquiry converts into a booking with us):
When followed by your enquiry and our acceptance you decide to go ahead with the travel products (holiday packages) and / or travel services you enter into a booking with The Blue Yonder (or one of its service providers) that will be legally binding and in place till the completion of the confirmed travel products (holiday packages) and / or travel services. Therefore, a customer (booking) file will be created for you, which we are obliged to keep for a longer period by different regulations.
We will keep all your data needed and used at the time of the booking for 5 years following the full completion of services or as long as we are obliged to hold customer (booking) files by the relevant legislations. Keeping your data means we will keep your booking file (physical / printed documentation) within our secure archives at our premises and also electronically in our booking systems. Some of these systems will auto delete your data within a shorter period, however data used for issuing invoices will not be deleted from our systems but might be anonymised.
We will always ask for your consent separately whether you would like to be included in our email list used for marketing purposes and based on your choice we will handle those data items accordingly, which should be limited to your name, email address provided (and IP address logged). We will keep this information on file and will approach you from time to time with our offers till you advise us otherwise, when we will do our utmost to remove and delete your details from such lists as soon as possible.
b) In case of non-materialisation (your enquiry is not converted into a booking with us):
Followed by your enquiry should you decide not to go ahead and therefore not to enter into a booking with us, your details provided for the enquiry via any method (website, phone, email etc.) will be removed and deleted. However, if you have given us separate consent on our website and / or over the phone, via email etc. to be able to keep your name, email address (and IP address logged) for marketing purposes we will then keep only these data items on file and will approach you from time to time with our offers till you advise us otherwise, when we will do our utmost to remove and delete your details from such lists as soon as possible.
Payment Details
Under no circumstances will your payment details be kept on file (physically or electronically). After taking payment from you, your payment details will be deleted immediately. Therefore, in case of making a deposit followed by a balance payment and / or paying in instalments your payment details will be requested each time.
4. The applicable requirements to us for processing your data
a) The first requirement is that we need to process your data for the purposes of our legitimate interests or for those of a third party to whom we disclose it.
b) The second requirement, once the first has been established, is that the legitimate interests must be balanced against your interest.
c) Finally, the processing of your data under the legitimate interest’s condition must be fair and lawful and must comply with all the data protection principles such as transparency, accuracy, relevance and security.
Please find further information here.
5. The third-parties we are sharing your data with
When making a booking with us, or even before when making preliminary arrangements on your behalf (such as making reservations for airlines and holding space in our respective ticketing system) we are passing your data onto third-party suppliers such as
• Airlines *
• Hotels and other accommodation providers
• Travel service wholesalers
• Ground operators (often called “ground handlers”, meaning our partner service offices at the destination who oversee your services and well-being while in resort)
• Car hire companies
• Tour and excursion providers
• Transfer providers
• Travel insurance providers
• Ancillary travel service providers (such as airport car parks, airport lounge operators, attraction ticket providers)
The above list is not extensive, third-parties are subject to the nature of your booking and travel service providers involved. These third-party providers will only receive the volume and items of data that they require to be able to hold and then provide the requested services to you, but to no extent we will provide them with more details than necessary.
Included in your documentation to be received after making the booking, such as the detailed confirmation, itinerary, vouchers you will be advised the full name and contact details of these providers handling the respective part of your booking and therefore handling your corresponding data.
6. . Your data, your rights
You have the right to obtain:
• Confirmation that we process your data
• Access to your personal data we hold
If you require access to your data, you should let us know in the form of a signed postal letter sent to our trading address provided above. We will only accept your request if it is about your data and not another individual’s. According to the respective regulation we have a month after the receipt of your request to act upon it.
Rectification:
You are entitled to have your personal data rectified if you believe it is inaccurate or incomplete in our systems, however you need to let us know in the form of a signed postal letter sent to our trading address provided above. *
Deletion or removal:
You can also request the deletion or removal of your personal data, where there is no compelling reason for its continued processing or being held. This is your “right to be forgotten”, however if we are still legally bound either in a booking with you or other regulations require us to hold your data longer we may not be able to fulfil your request, but this will be explained to you in writing. Requesting a deletion or removal is only possible in the form of a signed postal letter sent to our trading address provided above. *
Data portability:
You have the right to data portability, as long as the data you are requesting have been processed by us using IT automation. In such cases and if it is within a period we are still obliged to keep e.g. your customer (booking) file you may request your booking history you have had with us, including all details we store on our systems.
You may then be able to reuse this data elsewhere for your own purposes or transfer them to another e.g. tour operator or travel service provider (data controller), therefore we can provide you the data still held on file in a structured, commonly used and machine-readable format (e.g. a CSV file). To request data portability, you will need to write to us in the form of a signed postal letter to our trading address provided above. *
* For our own protection and data safety we are unable to assist you with these requests received in any forms (phone, email, social media message etc.) other than a signed postal letter.
7. Data store locations
Your data will be stored:
• Physical format: we are obliged to keep your customer (booking) files within our archives, located at our premises
• Electronic format: as a tour operator we use various systems to manage bookings and accounts, issue invoices, confirmations, itineraries, tickets, vouchers etc., also we have numerous reservation systems to the different travel service providers, as well as we use electronic mail to correspond about our customers and their arrangements with our service providers. Our website also captures data when an enquiry / booking is made. Many of these systems are provided to us by third parties, however we ensure that we select reliable and well-prepared partners to run our business and we also pay extra attention when it comes to data protection of our customers.
8. If you have a complaint about the processing / handling of your data
Should you have any concerns about the way we process, handle or store your data and believe that we have not been able to overcome and rectify the situation after telling us you can contact the:
Information Commissioner’s Office
When you send an enquiry to us using our website
You will be prompted to accept our:
• Cookie Policy
• Privacy Policy
• and whether you would like to give us your consent to keep and use your data for email marketing.
You will not be able to submit your enquiry and therefore it will not be forwarded to us without accepting these policies, however opting in for future email marketing is fully at your discretion and whatever your choice is at the time of the enquiry can be and will be modified at your will any time when you inform us.
When you send a booking to us using our website
You will be prompted to accept our:
• Cookie Policy
• Booking Conditions
• Privacy Policy
• and whether you would like to give us your consent to keep and use your data for email marketing.
You will not be able to submit your booking without accepting these policies, however opting in for future email marketing is fully at your discretion and whatever your choice is at the time of the booking can be and will be modified at your will any time when you inform us.
Email list / subscriptions for marketing purposes:
We will always ask for your consent separately whether you would like to be included in our email list used for marketing purposes and based on your choice we will handle those data items accordingly, which should be limited to your name, email address provided (and IP address logged). We will keep this information on file and will approach you from time to time with our offers till you advise us otherwise, when we will do our utmost to remove and delete your details from such lists as soon as possible.