Contact Us
Menu

PRIVACY POLICY

 

PRIVACY POLICY
Last Updated: 08.02.2025

Dee Escapes (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our website or booking a tour with us, you consent to the practices described in this policy.

DATA CONTROLLER

Dee Escapes is the data controller responsible for your personal data. Our registered company details are as follows:

  • Company Name: Dee Escapes Ltd
  • Company Number: 16206635
  • Registered Address: Gascoyne House, Moseleys Farm Business Centre, Fornham All Saints, Bury St Edmunds, Suffolk, United Kingdom, IP28 6JY
  • Email: contact@deeescapes.co.uk
  • Website: www.deeescapes.com

If you have any questions regarding this Privacy Policy or your rights, please contact us using the details provided above.

  • • PERSONAL DATA WE COLLECT

We collect and process different types of personal data depending on how you interact with us. The types of data we may collect include:

2.1. Information You Provide to Us

  • Booking Information: Your name, email address, phone number, payment details, billing address, and passport details (if required for travel purposes).
  • Health and Special Requests: Information related to dietary restrictions, medical conditions, or special requirements needed to facilitate your tour experience.
  • Communication Data: Any information you provide when contacting us for customer support or inquiries.

2.2. Information We Collect Automatically

  • Device and Browsing Information: Your IP address, browser type, device information, and browsing behaviour on our website.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your browsing experience. See Section 7 for more details.

2.3. Information Received from Third Parties

  • We may receive data from third-party service providers, such as payment processors, accommodation providers, and activity operators, if necessary for fulfilling our contractual obligations.
  • PURPOSE OF DATA PROCESSING

We process your personal data for the following purposes:

  • To Process Bookings: Managing reservations, processing payments, and communicating about your tour.
  • To Ensure Safety and Compliance: Recording health-related information for safety purposes and fulfilling regulatory obligations.
  • To Provide Customer Support: Handling inquiries, complaints, and feedback.
  • To Improve Our Services: Analysing trends and website usage to enhance our offerings.
  • To Send Marketing Communications: Providing promotional offers, newsletters, and updates, where you have opted in. You can opt out at any time.
  • To Comply with Legal and Regulatory Requirements: Ensuring compliance with UK financial, tax, and data protection laws.
  • To Prevent Fraud and Security Risks: Detecting and preventing fraudulent transactions, unauthorised access, and cyber threats.
  • To Conduct Market Research: Analysing customer preferences and trends to enhance our products and services.
  • To Manage Business Operations: Ensuring the efficient administration of our business, including financial reporting and audits.
  • DATA RETENTION

We retain booking-related data for six (6) years to comply with tax and financial regulations. Marketing data will be retained until you opt out of communications. Communication records, including customer inquiries, are retained for two (2) years for reference and service improvement purposes. If data is required for legal compliance, dispute resolution, or enforcement of our rights, it may be retained for longer periods as necessary. After the retention period expires, personal data will be securely deleted or anonymised unless otherwise required by law.

  • DATA SHARING AND THIRD PARTIES

We do not sell or rent your personal data. However, we may share your information with:

  • Service Providers: Third parties who assist with processing payments, accommodations, transport, and activities.
  • IT and Website Support Providers: Companies that manage our website, customer database, and online security.
  • Legal and Regulatory Authorities: When required by law, such as compliance with UK tax and consumer protection regulations.
  • Marketing and Advertising Partners: Third-party services that help us deliver targeted advertisements and promotional content.
  • Business Transfers: If Dee Escapes undergoes a merger, acquisition, or sale, personal data may be transferred as part of the transaction.
  • Security and Fraud Prevention Agencies: If we suspect fraudulent activity, we may share data with fraud prevention and law enforcement agencies.
  • COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies to enhance your experience. Cookies are small data files stored on your device that help us track website traffic and improve functionality. We use essential cookies (required for website functionality), performance cookies (to analyse user behaviour), and advertising cookies (to personalise ads). You can manage your cookie preferences through your browser settings. However, disabling certain cookies may affect website performance. We use Google Analytics to track website usage patterns. 

  • INTERNATIONAL DATA TRANSFERS

Dee Escapes is based in the United Kingdom, and we primarily process personal data within the UK. However, in some cases, your personal data may be transferred outside the UK and the European Economic Area (EEA). Whenever we transfer your data internationally, we ensure that appropriate legal safeguards are in place to protect your data in accordance with UK GDPR and the Data Protection Act 2018. If we transfer your personal data to a country that the UK government has deemed to provide an adequate level of data protection (under a UK Adequacy Decision), we will rely on this decision as the legal basis for the transfer.

If we transfer personal data to a country that does not have an adequacy decision, we will ensure that:

  • The recipient has entered into UK Standard Contractual Clauses (SCCs), which impose contractual obligations to protect your data.
  • Additional safeguards, such as encryption or data minimisation, are implemented where necessary.
  • The transfer is necessary for the performance of a contract (e.g., arranging international travel services).

When using third-party providers (e.g., payment processors, cloud storage providers, or accommodation partners) located outside the UK, we ensure that:

  • They have legally binding agreements in place that align with UK data protection laws.
  • They provide a level of data protection equivalent to UK standards.
  • Where applicable, they have certifications, such as the UK Extension to the EU-US Data Privacy Framework, if transferring data to the US.
  • DATA SECURITY

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, or alteration. These include:

  • Encryption: Sensitive data is encrypted during transmission and storage where applicable.
  • Access Controls: Personal data access is restricted to authorised personnel who require it for legitimate business purposes.
  • Regular Security Audits: We routinely assess our systems to identify and mitigate potential vulnerabilities.
  • Data Minimisation: We only collect and retain the minimum necessary personal data required for the intended purposes.
  • Secure Payment Processing: Payment transactions are encrypted and processed through PCI-DSS compliant payment providers.

While we take reasonable and industry-standard precautions to safeguard your personal data, no system or method of transmission over the internet is completely secure. We cannot guarantee absolute security, and you acknowledge that any transmission of data is at your own risk. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the UK Information Commissioner’s Office (ICO) as required by law and, where applicable, inform affected individuals.

  • YOUR RIGHTS UNDER UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure (Right to Be Forgotten): Request deletion of your data in certain circumstances.
  • Right to Restriction of Processing: Request limitation of data processing.
  • Right to Data Portability: Request transfer of your data in a structured format.
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes.
  • Right to Withdraw Consent: Withdraw consent for marketing communications at any time.
  • UPDATES TO THIS POLICY

We may update this Privacy Policy from time to time. Any changes will be posted on our website, and we will notify you if significant changes are made.

By using our website or booking a tour with Dee Escapes, you acknowledge that you have read and understood this Privacy Policy.

  • COMPLAINTS/CONTACT US

11.1. Contacting Us

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at:

  • Company Name: Dee Escapes Ltd
  • Company Number: 16206635
  • Registered Address: Gascoyne House, Moseleys Farm Business Centre, Fornham All Saints, Bury St Edmunds, Suffolk, United Kingdom, IP28 6JY
  • Email: contact@deeescapes.co.uk
  • Website: www.deeescapes.com

11.2. Making a Complaint

If you believe we have not handled your personal data in accordance with applicable laws, please contact us first to resolve the issue. We aim to respond within 30 days.

11.3. Escalating to the ICO

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • Website: https://ico.org.uk
  • Phone: 0303 123 1113
  • Address: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF