GlobalXperience Data Protection and Privacy Policy is effective from 22 May 2007. GlobalXperience is a data controller as defined in the UK Data Protection Act 1998 (DPA). In order to process your booking, we need to collect certain personal data from you.

This data will include your name and contact details, credit/debit card or other payment details, information relating to any medical condition or disability you may have and dietary restrictions which may disclose your religious beliefs. We need to transfer your personal data to:

• Relevant suppliers.
• In Country Representatives.
• Organisations.
  
• Partners.
  
• Public authorities (e.g. customs and immigration).
  
• Any other body/third party
  

in order to process your application, arrange for your travel experience, provide our suppliers/partners with appropriate information (e.g. medical conditions, dietary requirements etc.) and comply with statutory / legal requirements.

We may, in some instances, need to share your information with our suppliers and partners who provide co-branded services or data collection.

GlobalXperience collects information from you, our customers, to ensure that we provide you with the most relevant and life enhancing experiences, and to measure our service and performance levels. For the same reasons and as set out above, GlobalXperience may need to hold and file your personal data. By booking with GlobalXperience, you expressly agree for us to pass on personal and sensitive personal data, and to hold/store the same data as set out above.

It should be noted that should your travel experience destination be outside the European Economic Area (EEA), the same level of data protection may not be provided as in your home country by our suppliers. GlobalXperience will never sell your personal information and our employees are obliged to respect confidentiality.

We may want to use your stored information for future marketing purposes (like sending you offers or a brochure). All details you give us will be stored, but we will use only names and contact details for marketing purposes (unless you have asked us not to). All data will be stored and protected by our security devices, firewalls and programmed access controls. The communication of sensitive information, such as debit or credit card details, is protected by encryption protocols. When a transaction has been completed, we do not file you card details. Except where expressly permitted by the DPA, we will only deal with personal data as set out above unless you agree otherwise.

The DPA gives you the right to access the personal data we hold about you. Your right of access can be exercised in accordance with the DPA. We are entitled to charge a fee to meet our costs of providing you with details of the personal data we hold about you.