Privacy Policy
Last Updated: October 2025
At Oliver's Travels, we understand the significance of your privacy and are dedicated to protecting your personal data. This privacy policy will inform you about how we collect and process your personal data in relation to the brand known as Oliver’s Travels.
Purpose of this privacy policy
Oliver's Travels Ltd, referred to as "Oliver's Travels," "we," "us," or "our" in this privacy policy, is responsible for your personal data. Oliver’s Travels Ltd is a company incorporated in England (company number 06631130), whose registered office is at Unit 1.01, Chester House, Kennington Park, 1 -3 Brixton Road, Oval, SW9 6DE.
The purpose of this privacy policy is to outline the types of personal data we collect, how we process it, and your rights regarding your data.
We will process your personal data strictly in accordance with this privacy policy, or as otherwise communicated to you or agreed upon by you, and as permitted by data protection laws.
This website is not intended for children and we do not knowingly collect data relating to children. You must be at least 18 years old to make a booking on our website.
Please read this policy carefully to understand our practices regarding your personal data and how we will treat it. If you have any questions about this privacy policy or need further information, please contact our Data Protection Officer (DPO) at the contact details provided below.
Data controller and contact details
For the purposes of data protection legislation, we are a data controller in respect of the personal data you provide us with.
We have appointed a DPO who is responsible for overseeing questions related to this privacy policy. If you have any questions about this policy, including requests to exercise your legal rights, please contact the DPO using the details below.
Contact Details:
Full name of legal entity: Oliver's Travels Ltd
Data Protection Officer (DPO): Rory Lowe
Email address: DPO@oliverstravels.com
Postal address: Unit 1.01, Chester House, Kennington Park, 1 -3 Brixton Road, Oval, SW9 6DE
Telephone number: 0333 888 0205
Personal data we collect
We will collect, store and process information about you or other members of your party if you voluntarily provide us with such information when you use our services or make enquiries either by you or by a third party through whom you have made an enquiry or booking.
If you provide us with personal data about someone else, you must ensure you have the right to do so and that we can collect, use, and disclose this information as outlined in our Privacy Policy without needing further consent. You must also inform the individual about the details in this Privacy Policy, including our identity, contact information, data collection and use practices, disclosure practices, their rights to access and complain about their data, and any consequences of not providing the data.
The types of information we may obtain include:
Identity and Contact Data – name, username or similar identifier, title, address, date of birth, place of birth, passport number, gender, email address, telephone number
Financial Data – credit/debit card information (including card number, cardholder name, expiry date), bank account details and details about payments to and from you
Marketing and Advertising Data – personal data related to your advertising preferences and your preferences in receiving marketing communications from us and third parties.
Technical and Information Technology Data – personal data related to your use of our website, such as your IP address, login data, browser type and version, time zone setting, location, browser plug-in types and versions, operating system and platform, and other technology on your devices.
Account and Profile Data – personal data related to your profile on our website, such as your username and password, enquiry and booking history, interests, preferences, feedback, and survey responses.
Usage Data – personal data related to how you use our website, products, and services.
We also collect and use Aggregated Data, which consists of statistical or demographic information derived from your personal data but does not identify you. For example, we might aggregate Usage Data to determine how many users access certain features. While Aggregated Data itself is not considered personal data, if combined with personal data in a way that identifies you, we will treat it as personal data and handle it according to this Privacy Policy.
In addition, we may obtain certain Special Categories of Data which relates to your health or which reveals your racial or ethnic origin. Information regarding any disability, dietary restrictions, medical condition, restricted mobility or other health-related issues which may affect your travel arrangements (and related requirements) as well as dietary restrictions which disclose your religious beliefs or a health issue are special categories of personal data. This Privacy Policy specifically sets out how we may process these types of personal data.
If we require personal data to fulfil a contract with you and you do not provide it when requested, we may be unable to complete the contract. As a result, we might need to cancel the service you ordered, and we will inform you if this happens.
Sources of Personal Data Collection
We use various methods to collect data from and about you, including:
Direct Interactions – you may provide us with your personal data directly through:
• Enquiring about our services via our website
• Requesting brochures
• Creating an account on our website
• Contacting us via phone, email, or post (please note all our calls are recorded for training and monitoring purposes)
• Subscribing to our services or newsletters
• Requesting marketing communications
• Participating in competitions, promotions, or surveys
• Providing feedback
• Making payments through our payment system
Automated Technologies or Interactions – as you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns through:
• Cookies
• Server logs
• Call recording
• Other similar technologies
Third Parties – we may receive personal data about you from various third parties and public sources, including:
• Analytics providers
• Advertising networks
• Search information providers
• Providers of technical, payment, and delivery services
• Distribution channels
• Travel agents
How we use your personal data
We use your personal data for various purposes, relying on different legal bases for processing as permitted by law. Most commonly, we will use your personal data to facilitate or fulfil your booking. We provide more details about the lawful basis for using your data in the following list.
Handling Enquiries, Communications, and Customer Registration
Purpose: To respond to your enquiries, send requested information, register you as a new customer, and provide important updates about our products and services.
Legal Basis: Legitimate interests and performance of a contract with you.
Managing Your Booking
Purpose: To deliver our products and services, including booking holidays, providing customer service, informing you about changes to our terms or privacy policy, providing important real-time information about the products and services you have ordered from us, and asking you to leave a review or take a survey.
Legal Basis: Performance of a contract with you or taking steps at your request before entering into a contract.
Processing and Delivering Your Order
Purpose: To manage payments, fees, and charges, as well as collecting and recovering money owed to us. Credit/debit card payments are processed via our merchant provider on their secure platform.
Legal Basis: Performance of a contract with you and necessary for our legitimate interests (to recover debts owed to us).
Providing Suggestions and Recommendations
Purpose: To suggest products and services that may interest you, measure the effectiveness of promotional campaigns, and ensure our marketing is relevant to you.
Legal Basis: Legitimate interests, except where these are overridden by your interests or fundamental rights.
Developing and Improving Products and Services
Purpose: To enhance our website, products, services, marketing efforts, customer relationships, administrative processes and overall customer experience.
Legal Basis: Legitimate interests.
Administering and Protecting Our Business and Website
Purpose: To administer and protect our business and website, including troubleshooting, data analysis, system maintenance, IT services, network security, fraud prevention, and facilitating business reorganisation.
Legal Basis: Legitimate interests.
Complying with Legal Obligations
Purpose: To comply with legal obligations, such as health and safety legislation, and to assist in investigations or disclose information as required by law or legal authorities.
Legal Basis: Compliance with a legal obligation.
Engaging with Promotions and Communications
Purpose: To enable you to participate in prize draws, competitions, and surveys, and to occasionally contact you with information about special offers, brochures, new products, events, or competitions. If you prefer not to receive such information, you can opt out in writing.
Legal Basis: Legitimate interests.
Generally, we do not rely on consent as a legal basis for processing your personal data, except for sending third-party direct marketing communications via email or text. You can withdraw your consent to marketing at any time by contacting us.
Special Categories of Data
We may process special categories of data under the following condition.
Sharing Health-Related and Dietary Information
Purpose: To share information about disabilities, restricted mobility, or other health-related issues with property owners, and to share dietary restrictions with catering suppliers, as requested by you. Any other special categories of data will only be shared with third parties if explicitly requested and consented by you.
Legal Basis: Performance of a contract with you. Explicit consent, which you may withdraw at any time.
We minimise sensitive data collection unless legally necessary, such as in emergencies.
Opt-Out Policy
Subscribers have the flexibility to opt out of receiving marketing communications at any time. You can manage your preferences by logging into our website and adjusting your settings or by following the opt-out links included in our marketing messages. Additionally, you can email us directly at marketing@oliverstravels.com to unsubscribe. Please note that opting out of marketing messages does not affect any personal data collected through transactions such as product or service purchases, warranty registrations, or other related activities.
Sharing Your Personal Data
We may share your personal data with various third parties for the following purposes:
Service Providers: We disclose your data to suppliers and subcontractors who assist in delivering our services, such as villa owners, experience providers, and catering services. This also includes third parties involved in processing payments or performing administrative tasks.
Regulatory and Legal Authorities: We may need to provide your data to government bodies, law enforcement, and regulatory agencies as required by law or for legal proceedings.
Business Operations: Your data might be shared with professional advisers (such as accountants, lawyers, bankers and auditors) and to third parties during business transactions like mergers or asset sales.
Marketing and Communications: If you opt-in, we may share your information with selected third parties for marketing purposes and with companies who provide services on our behalf, such as holiday gifts and marketing material.
We ensure that any third parties with whom we share your data adhere to strict security standards and use your information only for the intended purposes. Other than in relation to government and public authorities (over whom we have no control), we take appropriate measures to protect your data and ensure its secure handling.
International Data Transfers
To deliver our services, we may need to share your personal information with relevant overseas travel service providers. These providers will typically receive your information either in the country where they will perform the services or where their business operations or management are located.
Your personal data may be processed within the UK, the European Economic Area (EEA), or outside these regions. When transferring data outside the EEA, we ensure adequate protection through:
• Transfers to countries deemed to have adequate data protection by the European Commission.
• Implementation of standard contractual clauses to ensure data is handled securely.
Note: We may also transfer personal data to countries that do not have an adequacy decision from the European Commission. In such cases, we ensure that the recipient company is contractually obligated to handle your data strictly according to our instructions and to maintain robust security measures to protect it.
Data Security and Protection
We implement robust administrative, technical, and physical measures to safeguard your personal data against unauthorised access, accidental loss, or unlawful processing. Our security protocols include restricting access to your data to only those who need it for business purposes and ensuring that any third-party service providers are contractually bound to maintain data confidentiality and security. Additionally, we have procedures in place to address and report any data breaches in accordance with legal requirements.
Data Retention and Storage Period
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Typically, we keep basic information for a minimum of six years following the end of our relationship with you, in compliance with tax regulations.
For data related to bookings, we store personal information for up to eight years from the date of departure. Marketing-related data is kept for eight years from the last interaction. After these periods, we may either delete your data or anonymize it for research or statistical purposes, depending on the context.
We review our data retention policies regularly to ensure compliance with legal requirements and adjust as necessary. For details on how to request data deletion or further information on our retention policies, please refer to the relevant sections in this policy.
Recruitment Privacy Policy
At Oliver’s Travels, we take your privacy seriously. This notice explains how we handle your personal data during our recruitment process, in line with UK GDPR.
Who We Are
Oliver’s Travels Ltd is the data controller responsible for the information you provide during the recruitment process.
What Data We Collect
We collect and process the information you provide in your application (such as your CV, covering letter, and contact details). We may also take notes during interviews or assessments.
How We Use Your Data
We use your information only to:
• Assess your skills and experience against the role applied for.
• Communicate with you about the recruitment process.
• Keep records required for legal or compliance purposes.
How Long We Keep Your Data
• Unsuccessful applications: We keep your details for up to 6 months after the role closes, to allow us to respond to any queries or legal claims. After this, your data will be securely deleted.
• Talent pool: With your consent, we may keep your CV for up to 12 months for future opportunities. You can withdraw your consent at any time.
Who Has Access
Your information will only be shared internally with staff directly involved in the recruitment process. We do not share your data with third parties for marketing purposes.
Your Rights
Under UK GDPR, you have the right to access, correct or delete your data, and withdraw consent (if you previously agreed to us keeping your CV for future roles). If you would like to exercise any of these rights, please contact us at jobs@oliverstravels.com or our DPO at DPO@oliverstravels.com.
Contact & Complaints
If you have questions about how we handle your data, please contact our DPO at DPO@oliverstravels.com. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
Call Tracking & Attribution (Call360)
Purpose
To better understand how our online marketing activities lead to phone enquiries and sales, we use a call tracking and attribution service provided by Call360 (or a similar provider). This service helps us identify which digital marketing channels, such as paid search, organic traffic, or social media, are most effective in generating calls to our business.
Dynamic phone numbers may be shown on our website depending on the source of your visit. This allows us to match website visits and phone calls to specific marketing campaigns, search keywords, or referring websites. In some cases, calls may also be recorded for training, analysis, and operational insights (with clear notice provided at the start of the call).
What Data Is Collected and Why
1. Essential Data (Strictly Necessary – No Consent Required)
Pages visited on our website and time spent; Session ID or temporary cookie to maintain session state; Referring website; Landing page URL; Timestamps; Duration and call status; Technical error logs or spam/bot detection signals. This information helps operate the site, route enquiries, and protect against abuse.
2. Consent-Based Data (Requires Your Agreement)
Marketing attribution data via cookies or URL tracking (e.g., UTM parameters, tracking cookies, cookie ID/persistent browser ID) and call recording (with a pre-call notice). Recordings are transcribed automatically, personally identifiable information (PII) is redacted, and audio recordings are deleted after redaction is complete. You can opt out via cookie settings or by telling us during the call.
3. Personal Data Collected Under Legitimate Interests
Caller phone number (where available), time/date of the call, and call metadata linked with a marketing source (e.g., campaign, keyword). We use this to measure campaign effectiveness and improve responses. Opt-out options are available.
Data Redaction and Minimisation
All call recordings are transcribed and redacted of PII before use; original audio files are deleted once redaction is complete; website tracking is session-based unless cookie consent is given.
Cross-Session Linking (Cookies)
Where cookies are accepted, we may use a persistent identifier to associate multiple website visits and calls with the same browser. You can disable this by rejecting non-essential cookies.
Automated Decision Making
We may use interaction data to help prioritise responses to enquiries or tailor communications. This is not used to make legal or similarly significant decisions about you, and you can object at any time.
Approximate Location
We may infer your approximate location (e.g., city or region) using your IP address to understand which locations generate the most enquiries. This is processed under our legitimate interests and is not used to personally identify you.
Lawful Basis for Processing
Legitimate interests (to evaluate marketing performance and respond effectively), and consent where legally required (e.g., for cookies or recording calls). When relying on legitimate interests, we conduct a balancing test to ensure our interests do not override your rights and freedoms.
Data Sharing
Your data may be shared with Call360 (or another appointed provider) as a data processor, sub-processors for transcription/redaction, cloud infrastructure providers, and internal marketing/analytics teams. All service providers are contractually bound to UK GDPR standards; no personal data is sold to third parties.
Data Retention
Attribution metadata and call metadata: up to 12 months. Call recordings: automatically deleted after transcription and redaction are complete (typically within 12 hours). Only redacted text transcripts may be retained without personally identifiable information.
Your Rights and How to Opt Out
You can opt out of marketing attribution cookies by rejecting non-essential cookies via our cookie banner or your browser settings. If you would prefer not to have your call recorded (where applicable), please tell us at the start of the call and we will provide an alternative communication method.
Contact Information
Oliver’s Travels Ltd | Data Protection Officer (DPO): Rory Lowe | Email: DPO@oliverstravels.com | Phone: 0333 888 0205 | Address: Unit 1.01, Chester House, Kennington Park, 1 -3 Brixton Road, Oval, SW9 6DE
Use of Artificial Intelligence Tools
We may use artificial intelligence (AI) tools, including ChatGPT by OpenAI, to assist with tasks such as customer support, internal content creation, and process automation. These tools may process limited personal data strictly for the purposes of providing and improving our services.
OpenAI acts as a data processor on our behalf. Data processed through ChatGPT is governed by OpenAI's Data Processing Addendum, which incorporates Standard Contractual Clauses (SCCs) to safeguard any international data transfers.
We do not use AI tools to make automated decisions that produce legal or similarly significant effects without human involvement.
Our lawful basis for this processing is legitimate interests in enhancing the efficiency and quality of our services. We ensure that only the minimum necessary data is shared, and no special category data is processed through AI systems.
Your Data Rights
You have several rights regarding your personal data, subject to applicable laws. These include:
• Access: Request a copy of the personal data we hold about you.
• Rectification: Request corrections to any inaccurate or incomplete personal data.
• Erasure: Ask us to delete your personal data where there is no valid reason for us to keep it, or if you have successfully objected to processing.
• Restriction: Request to limit the processing of your personal data in certain circumstances.
• Portability: Request your personal data in a structured, machine-readable format for transfer to another organization.
• Withdraw Consent: Withdraw consent for processing where applicable.
To exercise these rights or make a complaint, please contact our DPO using contact details above. We may need to verify your identity before processing your request.
We aim to respond to all valid requests within one month. If your request is complex or if you’ve made multiple requests, it may take longer. In such cases, we will notify and update you.
Updates to our Privacy Policy
Our Privacy Policy may be updated periodically to reflect changes in data protection laws, regulatory guidance, or our internal procedures. We encourage you to review the Policy from time to time to stay informed about how we collect, use, and protect your personal information. Updates to the Policy will be posted on our website, in brochures, and made available upon request.