Gemcabin Limited - Data Protection Policy Online – May 2018
This Data Protection Policy applies to users of the website, www.vacationmoney.co.uk and all affiliate sites linked to it.
Gemcabin Limited is the registered business for services on this website with a registered address of 1 Cedar Square, Blackpool FY1 1BP
We are a Consumer Credit Business licensed by the FCA ref number 731616
We are a Foreign Currency Provider licensed by HMRC ref number 12112981
We are registered with the ICO for Data Protection ref number Z553681X
Our Compliance Manager (Suzy Dawson-Newbury) is the key contact for all Data Protection queries.
Under FCA SYSC requirements we also have a senior manager who takes responsibility for data, their title is Stephen Lefton – Managing Director
Your privacy is very important to us, that’s why we will never release your personal details to any company outside of Gemcabin Limited for marketing purposes. We will treat all your personal information as confidential (although we reserve the right to disclose this information in the circumstances set out below). We will keep your details secure and we will fully comply with all applicable UK Data Protection and consumer legislation in place from time to time.
By using this site, you signify that you agree with the terms of our Data Protection Policy.
Basis of Processing Data
We retain data and relevant information about our customers on the following basis;
When you visit our Website we collect certain information about you which allows us to provide you a service, comply with laws and regulations and improve our service for you in the future.
Information we collect includes;
Name & Title
Your Postal Address
We also store information about the transactions you make on the Website in order for us to continue providing you a service on the Website and to comply with laws and regulations.
This information includes:
Amount of Currency
Type of Currency
Cost of Currency (GBP)
What we do with information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
Comply with law and regulations such as Anti-Money Laundering
Internal record keeping
Improve our products and services
We may have to contact you by email or phone in regards to a purchase you have made through the Website in order for us to complete the transaction.
We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, We may also use your information to contact you for market research purposes. We may contact you by email, phone or post.
We Gemcabin Limited are the Data Controllers, and are responsible for all personal information retained, and are subject to audit by the Information Commission Office (ICO). We do not share our data with 3rd parties for marketing purposes.
We have reviewed our business through our Information audit to identify the data that is processed and how it flows into the business.
We will ensure that data is collected within the boundaries defined in this policy. When collecting data, we will ensure that the customer clearly understands why the information is needed.
We will respect the following rights for individuals:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.
Our Website and its affiliate sites are hosted on secure servers which are located within the UK.
Your data is also stored through our own servers and databases which reside within the UK on Vacation Money premises behind a firewall.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about user traffic and improve our Website in order to tailor it to customer needs. We only use this information for statistical analysis purposes
You can if you wish refuse these traffic cookies by enabling cookie blocking settings on your computer.
Data access and accuracy
We will ensure that:
The Compliance Manager has the responsibility for data in their job description and that they are fully trained for the role to ensure compliance with Data Protection.
Everyone processing personal information understands that they are contractually responsible for following good data protection practice and are trained according.
Everyone processing personal information is appropriately trained to do so
Everyone processing personal information is appropriately supervised
We deal promptly with any enquiries about handling personal information
We annually review and audit the ways it hold, manage and use personal information through our Information Audit
All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any future changes or amendments made to the GDPR 2018.
We will maintain a log of all data breaches no matter how small. A small breach would include [overhearing account details, losing a small amount of data or accidental deletion, loss of CCTV footage.]
Examples of a major breach would be [loss or theft of entire database, web cyber security issue or hacking resulting in theft of e mails/ passwords/ financial data of a significant or un quantified number of people.
We will ensure we have robust breach detection, investigation and internal reporting procedures in place.
We will report serious breaches within 72 hours of becoming aware of the breach where feasible, to the ICO on 0303 123 1113 and explain;
what has happened;
when and how we found out about the breach;
the people that have been or may be affected by the breach;
what we are doing as a result of the breach; and
who ICO should contact for more information
advise who else we have told about the breach.
We may change this policy from time to time by updating this page. You should check this page whenever necessary to ensure that you are happy with any changes.
Your Rights, Access to and Rectification of Your Information
You have the right to obtain a copy of the information that we hold about you. You can also request that we rectify or erase any information that we hold about you, if that information is incorrect. You can obtain information about yourself, or request a rectification or erasure, by writing to us or email us using the contact information below.
Data Protection Commissioner
Further information on your data privacy rights are available on the website of the Information Commissioner’s Office at https://ico.org.uk/.
1 Cedar Square