Exodus Travels Ltd (t/a Headwater Holidays) is part of the Travelopia group of companies (www.travelopia.com). Here at Headwater we take your privacy very seriously.
We understand the concerns about how data may be stored, sent and used by companies. We are committed to complying with all data protection laws and want you to feel confident in the measures we are taking to uphold your data privacy rights.
This privacy notice explains how we collect and use your personal information. We explain the types of information we collect, how we collect it, what we use it for, and who we may share your personal information with. We also let you know what rights you have over your information.
If you are visiting from the United States or Canada, please see our North America Privacy Notice.
Exodus Travels Ltd is the "data controller" of all personal data collected and used for the purposes of providing our products or services and for any other purposes set out in this privacy notice. This means that Exodus Travels Ltd is responsible for keeping your data safe; deciding how and why your data is used; and ensuring that your data is handled legally.
We do our best to keep the information we collect about you to the minimum necessary.
The information we collect depends upon how you are interacting with us. For example, if you are making a booking with us we are likely to ask for more information than if you're only requesting a brochure or browsing our website. We may collect, use, store and transfer different kinds of personal information about you depending on the nature of the product or service you buy from us; the below contains some of the information we may ask you to provide:
Details about you: Your first and last name, marital status, title, gender, e-mail address, telephone number, postal address, date of birth, loyalty membership details, your reasons for travel, emergency contact details, clothing size (for merchandise) and qualifications (e.g. if you book a cruising/sailing holiday).
Payment details: Your bank details and payment card details when making a booking with us. Details about payments to and from you and other details of products and services you have purchased from us.
Identification documents: If you are travelling on a route requiring advance passenger information, your passport or identity card details including your passport number, the country in which your passport was issued and the expiry date.
Details about your booking with us: Details such as where you are flying from and to, your booking information (including anyone else on the booking), any onward travel details if relevant, details of experiences or excursions booked through us, baggage requirements, upgrade information, lounge visits, seat preferences, meal or dietary preferences or requirements, details of any special assistance required and any other relevant information so that we can provide you with the entirety of the services you have arranged with us.
Details from your interactions with us: Information about interactions or conversations with us and our staff, including when you make enquiries, comments, complaints or submit feedback to us. This could also include username and password and your interests, marketing preferences, reviews and survey responses.
Your use of our systems and services: This includes how you use our site, app, physical locations (such as bases, vessels or retail stores), call centres, social media pages, IP addresses, information from cookies and other electronic tracking technologies and information you may post on social media.
Job applications: If you apply for a job with us, your CV, work history, educational details and the role you are applying for.
Special types of data: In some circumstances, we may need to collect information from you that is deemed sensitive. For example, we might collect:
We try to limit any sensitive personal data we collect to the minimum possible. Unless we have another specific lawful reason to use this information, we will ask for your explicit consent to collect it.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We are committed to protecting the privacy of all individuals, including children and young people. We may collect information about children and young people, as detailed in the 'What information we might collect about you' section, to allow us to plan and deliver the products or services they have signed up to or are included in. If applicable, we collect information about children and young people who are under the age of 18 years either:
Where we are aware of a young person completing an online application (applicable to the UK only) we will hold the data until parental/guardian consent is gained. If parental/guardian consent is not given in this context, this data is deleted.
Children have the same personal data rights as an adult. If a child wishes to exercise their personal data rights, in some circumstances such requests can be made by a parent or guardian on their behalf. For more information on these rights and how to exercise them, please refer to the What are your personal data rights? section in this privacy notice.
Depending upon your interactions with us, we might collect information in the following ways:
You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise, This includes personal data you provided when you:
As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs, pixels, web beacons and other similar technologies. We process the information collected through such technologies, which may include or be combined with personal data, to help operate certain features of our website, to enhance your experience through personalisation, and to help us better understand the features of the website that you and other users are most interested in.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy for further details.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We may receive personal data about you from various third parties, including (but not limited to) those set out below:
Under data protection laws we are allowed to use personal information only if we have a proper reason to do so such as:
Generally we do not rely upon consent as a legal basis for processing your personal data other than in relation to sending our own or third party direct marketing communications to you via e-mail or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We have set out below a description of the ways we may process your personal data, and which of the legal bases we rely on to do so. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
| What we use your personal data for | Our reasons |
|---|---|
| To manage your booking with us. We will use your information to provide you with any products or services that you request or purchase. | This entails booking all services provided as part of your booking such as your flights, accommodations, organising tours, transportation and car hire and providing you with your tickets (on the basis of performing our contract with you) and providing you with any special assistance you require (where you give us your consent). |
| To contact you with information about your bookings and support services. We will use your contact details to send you communications that relate to bookings or services that you have requested. The types of information usually included would be: e-mails responding to enquiries, providing you with tickets, alerting you to changes in itineraries or responding to any complaints you have. | We do these things in order to fulfil our contract with you and on the basis of our legitimate business interest of providing you with customer service. |
| To provide assistance with online bookings. We may collect information when you enter it into forms on our websites but do not complete your booking. We do so in order to offer assistance in case you are experiencing difficulties using our websites. | We do this on the basis of our legitimate business interest of providing you with customer service. |
| To handle and investigate complaints. We may use your information to follow up on and manage complaints. In some instances, we may share information with relevant third parties in order to properly investigate. | We do this on the basis of our legitimate business interest to investigate and resolve complaints, continually improve our products, services, and customer service, or where we have a legal obligation to do so. |
| To enable you to partake in a prize draw, competition or complete a review or survey. | We do this to perform our contract with you or for our legitimate interest in carrying out market research to improve our customer experience, products and/or services and promoting products and services with positive customer reviews. |
| To send you marketing communications. We will use your information to contact you in order to keep you up to date with the latest news, offers, events, sales, brochures, promotions and competitions that we consider may be of interest or relevant to you. | We will usually only do this when we have your consent to do so or on the basis of our legitimate interest to provide you with customer service. Please see the Marketing section below for more information. |
| To personalise your customer experience and improve our service. We use your information to provide you with a more personalised service. This might include personalising the communications we send to you with preferences, sending you only advertising that we think you might like and/or enhancing your holiday experience. We may also record and/or monitor calls. | We do this on the basis of our legitimate interests to present you with the right kinds of products and services and improve our customer service. |
| To ensure security and protect our business interests. In certain circumstances, we use your information to ensure the security of our services, buildings, physical locations (such as bases, vessels or retail stores), and people, including to protect against, investigate and deter fraud, unauthorised or illegal activities, systems testing, maintenance and development. | We do this on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so. |
| To process your job applications. We will use your information to process any job applications that you submit to us, whether directly or via an agent or recruiter (speculatively or in response to any ad). | We do this on the basis of our legitimate interest to recruit new employees or contractors. |
| To optimise our sites and app. If you use our sites or apps, we will use your information to ensure that the content from our websites are presented in an effective manner for you and your device, to provide you with access to our site and app in a manner that is effective, convenient and optimal, and to provide you with content that is relevant to you, using site analytics and research and in certain circumstances combining that with other information we know about you. | We do this on the basis of our legitimate interests to operate and present an effective and convenient website to our website users. |
| To conduct research. We use your information to carry out aggregated and anonymised research about general engagement with our services and systems, or if you choose to participate in customer surveys, consumer focus groups and research. | We do this on the basis of our legitimate interests to improve our products, services and customer service. |
| To comply with our legal obligations. In certain circumstances, we will need to use your information to comply with our legal obligations, for example to comply with any court orders or subpoenas. | We do this on the basis of our legitimate interests to comply with a legal obligation. |
| To protect, realise or grow the value in our business and assets. We may use your information in connection with a significant corporate transaction or restructuring, which may include (without limitation) merger, acquisition, asset sale or initial public offering or in the event of insolvency. | Depending on the circumstances: to comply with our legal and regulatory obligations; in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets. |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
One of the other reasons we sometimes collect your information is so that we can form a view on what we think you may want or need, or what may be of interest to you. With this information, we decide which products, services and offers may be relevant for you and what marketing you may be interested in.
We keep you up to date with our latest offers, partnerships, sales, promotions, and competitions (or those of our partners such as other members of the Travelopia group) that we think might be of interest/relevance to you.
We will only contact you in this way if:
We never want to send our marketing to someone who isn't interested in receiving this content. If you have decided that you no longer wish to hear from us, you can unsubscribe from marketing by clicking on the 'unsubscribe' link included in all of our e-mails or by contacting us.
We do not share your personal data with any third parties for marketing purposes unless you provide express opt-in consent.
Sometimes we may use third parties to send communications to you on our behalf, such as brochures or e-newsletters, however these companies do not have the right to send marketing to you for their own purposes.
The marketing material we send to you we may occasionally also include information about selected business partners who provide services closely related to our own product.
In order to provide you with the services and on the lawful grounds described above, we may share your personal data with third parties such as:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
The personal data that we collect from you may be transferred to, stored and/or processed at an international location where our suppliers and third parties we work with or other companies within the Travelopia group are based.
Where we transfer information to parties internationally, we ensure appropriate safeguards are in place to make sure your personal data remains adequately protected which include, but are not limited to:
If you want further information on the specific mechanism used by us when transferring your personal data internationally please contact us.
We want you to feel reassured that you have control of your personal information. With this in mind, we have explained below the rights you have in relation to the personal information we hold about you:
You can exercise these rights over your data or to tell us that you don't want to participate in marketing by contacting us, or by checking the applicable boxes on forms where we collect your information. You can also unsubscribe from any marketing circulation lists you are on by scrolling to the bottom of the e-mail and clicking the 'unsubscribe' link.
We will comply with your requests unless we have a lawful reason not to do so. We may need you to provide additional details to confirm your identity in order to process your request.
We take the security of your personal data very seriously. While no organisation can guarantee absolute security, we have appropriate technical and organisational security measures in place to address risk and prevent your personal data from being accidentally or unlawfully lost, used, accessed, altered, or disclosed in an unauthorised way. In addition to these measures, we limit access to your personal data to those employees, agents, contractors, and other third parties on a 'need-to-know' basis.
We have put in place procedures to manage any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We continually test our systems and follow recommended industry standards for information security.
We will only keep your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements in accordance with our data retention policy.
We have a right to keep basic information about bookings and our customers for a minimum of six years for legal claims and tax purposes.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
Data Protection
Exodus Travels Ltd
Platinum House,
St. Mark's Hill,
Surbiton,
London,
United Kingdom
Email: datateam@exodus.co.uk
CC: dataprotection@travelopia.com
Tel: 01606 720199
Please contact us in the first instance if you have any concerns. If we are unable to resolve your concern, you have the right to make a complaint to the relevant data protection authority where you live.
We keep our privacy notice under regular review. This version was last updated September 2023.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Exodus Travels Limited, trading as Headwater Holidays, is a member of the Travelopia Group of Companies. Registered UK Office: Platinum House, St Mark's Hill, Surbiton, Surrey, KT6 4BH. Registered in England and Wales No. 1150160. Vat no. 108216835.
