Privacy Policy

Privacy Policy

Privacy is a very important issue for everyone, and is a subject we handle as a priority. Looking after the personal data you share with us is extremely important. Trust, respect and fairness have always been values that are integral to the Riviera Travel business and how we operate. This document outlines how we collect and use your personal data, so you can be confident it’s safe and secure with us, and to understand how we use it to give you a better customer experience.

We have tried to keep this notice as easy to read as possible, but if you are unfamiliar with the terms used you will find some explanations in the Key Terms document in the appendix. If you have any questions about this policy you can contact us at:

Data Protection Lead
Riviera Travel
328 Wetmore Road
DE14 1SP


What this privacy notice covers

The data controller is Riviera Tours Ltd trading as Riviera Travel (referred to in this notice as “we” or “us”) of New Manor, 328 Wetmore Road, Buton-on-Trent, DE14 1SP.

We comply with the Data Protection Act 2018, the General Data Protection regulation 2016/679 and all relative European Union and Member State data protection legislation in force and as amended or replaced from time to time including, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

Our privacy notice explains:

  • What types of personal data we collect, and why.
  • How we use personal data provided to us.
  • How we protect and ensure personal data is handled securely.
  • When and how we share personal data within our company and with other organisations.
  • The rights and choices you have in regard to your personal data.

Personal data we collect

When you register for any of our services, request information, buy our products online or by telephone or, in a limited way, browse our websites, we will collect and store your information as required:

  • Your personal details, including your email address, address and phone number
  • Where applicable, your account login details e.g. your username and password
  • Where applicable, passenger information, such as passport details, date of birth and insurance details
  • Where applicable and with explicit consent, special requests such as dietary and disability requirements
  • Information about your browsing behaviour on our websites and mobile apps
  • Information about your purchases or registrations, including what you bought, brochures you requested, when and how you made the purchase or requests
  • Information about when and what you click on our website and on our adverts shown on other organisations’ websites
  • Information on how you access our digital services, including IP address, browser and operating system
  • Information on your browsing preferences in relation to our website through use of cookies. Click here to see our cookie policy

When you contact us or we contact you or you take part in competitions, surveys or questionnaires about our services, we collect:

  • The personal data you provide when you connect with us, through email, post, phone or social media, such as your name, username and contact details.
  • Confirmation that you have opened or interacted with  emails and other digital communications we send to you that you.
  • Your feedback and contributions to customer surveys and questionnaires.

Other sources of personal data we use

  • Specialist companies that supply information, and trusted partners
  • Your insurance company, their agents and medical staff exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.  
  • If you log-in using your social network credentials e.g. Facebook and Twitter, your personal details are shared with us according to the terms and conditions of the social network. This could include your name, email address, date of birth and location. You can manage what you share via social sign-in through the social network’s own preference centre.  
  • We use CCTV images collected in or around our premises.   

Personal data you provide about other individuals

  • Personal data about other individuals, such as those people on your booking.   
  • By providing other people’s personal data, you must be sure that they agree to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data is used by us.

How we use personal data

To provide the products and services you request

We need to process your personal data so that we can provide you with services that you have requested from us such as to provide you with the products and services you want, such as brochures and to manage your booking.  If you do not provide us with your personal data, this is likely to affect our ability to provide these services to you.

To manage and improve our products, services and day-to-day operations

We use personal data to manage and improve our products, websites, mobile apps, operations and other services.

We use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.  

We use personal data to carry out market research and internal research and development, and to develop and improve our product range, services, IT systems, security, know-how and the way we communicate with you.

We use CCTV images to help maintain the safety of anyone working in or visiting our premises, and for the prevention, detection and prosecution of criminal offences. We will rely on the images to establish, exercise or defend our legal rights.

To personalise your experience

We want to ensure that communications relating to our products and services, including our marketing information and that of our partners, including online advertising, are relevant to you.

To do this, we use your personal data, preferences, previous transactions and browsing behaviour to better understand you, and to try to predict what other products, services and information you might find the most relevant and interesting. We measure your responses to marketing communications relating to products and services we offer, which enables us to offer products and services that better meet the needs of our customers.

If you do not want to receive a personalised service from us, you can change your preference by email, over the phone or in writing at any time. We will update our records as soon as we can. Please contact us at:

Data Protection Lead
Riviera Travel
328 Wetmore Road
DE14 1SP


To make contact and interact with you

In the event you contact us, for example by email, post, telephone or via social media, we use personal data to provide clarification or assistance to you.

We process your personal data so that we can manage any competitions you choose to enter. For example, if you win a prize.

From time to time we invite our loyal customers to take part in surveys, questionnaires and other market research activities carried out by us or by other organisations on our behalf and we will process your personal data in order to improve the service we provide to you.

We combine the personal data we collect across different sources, digital and offline, in order to provide you with relevant service and marketing communications (including online advertising relevant to your interests).

Marketing information and B2B activities

With your permission, we will send you relevant information from time to time about our products and services, such as new product launches. This includes our email newsletter.  We will also keep you informed by post by using our legitimate business interest.

We will not sell your data to 3rd parties and it would only be with your permission that we pass your details to our partners, including media publishers who will be named, so that they can send you information on their products and services. We will only do this if you agree to receive these marketing communications from those named partners.  

When you request a brochure, book or create an account with us we will ask if you would like to receive marketing communications. You can change your contact preferences at any time by email, phone, in writing or by clicking the unsubscribe link that you will find on all our emails. This is entirely your choice but this will prevent you from receiving content or marketing information that we hope is of interest to you.  You may still receive service-related communications from us that provide important information about the use of our products and service, e.g., booking confirmations.

So that we can improve our products and services, we like to hear your views, so from time to time we will contact you for market research purposes. You always have the choice about whether to take part in our market research.

To change your contact preferences please contact us at:

Data Protection Lead
Riviera Travel
328 Wetmore Road
DE14 1SP


Sharing personal data

We will only carry out international data transfers of your personal data to a country outside the EEA where the recipient is compliant with EU data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example: 

  • by way of data transfer agreement, incorporating the current standard data protection clauses adopted by the European Commission for the transfer of personal data by data controllers in the EU to data controllers and processors in jurisdictions without adequate data protection laws; or
  • by certification that the recipient is registered and compliant with the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
  • transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation (Andorra, Argentina, Canada, Faroe Islands, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay).

We may also undertake a transfer:

  • where it is necessary for the conclusion or performance of a contract between us and a third party and the transfer is in your interests for the purposes of that contract; or
  • where you have expressly consented to the data transfer.

With suppliers and partners

In order to provide products or services requested by you we share personal data with suppliers of your travel arrangements, including airlines, hotels and transport companies.

We use Easyjet as one of our airline suppliers. Easyjet’s group booking facility is used to reserve flights for specific departures. While each customer will be provided with individual boarding passes as part of your travel documentation, the information contained on boarding passes for all clients on the same departure will be accessible for view via Easyjet’s website using the booking reference provided by all customers on that group booking, this includes your full name and passport number.

We also work with carefully selected suppliers that carry out certain functions on our behalf. For example, companies that help us with IT services, storing and combining data, marketing, market research, processing payments and delivering products and services.

When we share personal data with other reputable service providers it is conducted under contractual agreements where we require them to keep it safe, and we do not allow them to use your personal data for their own purposes including marketing.

We only share the minimum personal data that enable our suppliers and partners to provide their services to you and us.

On occasion, we need to share personal data to establish, exercise or defend our legal rights; this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk.

In the event that we enter into negotiations to sell or transfer any of our businesses or any of our rights or obligations under any agreement we have with you we will share your personal data with that organisation as necessary. If the transfer or sale goes ahead, the organisation receiving your personal data can use your data in the same way as us.

With regulatory authorities

So that you can travel, it is sometimes mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.  

Some countries will only permit travel if your advance passenger data is provided. These requirements differ depending on your destination and you are advised to check. Even if not mandatory, we assist where appropriate.

We may share the minimum personal data necessary with other public authorities if the law says we must, or we are legally allowed to do so.

Protecting your personal data

We take our responsibility to protect and manage your personal data very seriously. We take appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access when it is being transmitted, stored or otherwise processed.

Where you have been provided or chosen usernames and passwords for restricted areas of the websites, e.g. My Booking areas, you are responsible for keeping this information confidential.

Where applicable, and to fulfil the requirements of your holiday, we need to share your data with companies situated outside the European Economic Area (EEA). Your personal data will be securely transferred within our group or to one of our reputable service providers who store and process this information outside the European Economic Area (EEA). Only the minimal amount of personal data required for a processing activity will be transferred and we can assure you that we have taken all appropriate steps to ensure your data is handled securely. We have appropriate agreements in place with our suppliers.

Data retention

We will retain your personal data for as long as it is necessary for the uses set out in this privacy notice and no longer than 12 years, and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data or take appropriate measures to anonymise it, if data is needed after this period for analytical, historical or other legitimate business purposes.

About cookies

Cookies are small text files that are stored on your computer or mobile device. They can’t harm your computer and don’t store personally identifiable information such as credit card details but help us to provide features and functionality on our websites and mobile apps that we use to improve your customer experience. Please see our Cookie Notice for further information.

Links from our website to other organisations, and social media

Our websites or mobile apps contain links to websites operated by other organisations. They will have their own privacy notices so please make sure you read their privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for websites of other organisations.

Our websites or mobile apps contain social media features such as Trip Advisor, Facebook and Twitter that have their own privacy notices. Please make sure you read their privacy notices carefully before providing any personal data as we do not accept any responsibility or liability for these features.  

How to access and update your personal data, make requests and complaints

Where Riviera Travel processes your personal data on the basis of consent which has been provided by you, you have the right to withdraw that consent at any time.

You have a right to ask for a copy of the personal data we hold about you, and the right for data to be rectified or erased. You can write to us asking for a free copy of the personal data we hold about you, including any details you think will help us to identify and locate your personal data. Where further copies are requested we may charge a reasonable fee based on administrative costs.

We want to ensure personal data held is accurate and up to date. If any of the details we hold are incorrect, please let us know. We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.  

You can also object to the processing of your personal data, as well as the right, where technically feasible, to ask for personal data you provided to be transmitted to another organisation.

If you would like to make a request, please email or write to:

Data Protection Lead
Riviera Travel
328 Wetmore Road
DE14 1SP

You can also contact the Data Protection Lead if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the local data protection authority. In the UK, this would be the Information Commissioner’s Office, contactable via Information Commissioner’s House, Wycliffe House, Water Lane, Wilmslow SK9 5AF; 0303 123 1113; or https://ico.org.uk/concerns/

For your security, we can ask you to verify your identity before we can act on your request or complaint.

Legal basis for processing personal data

Where you have entered into a contract with us, failure to provide personal data may mean that we are unable to properly implement the contract and that you are unable to exercise certain contractual rights.

We will only collect and use your personal data if at least one of the following conditions applies:

We have your consent, e.g. you have opted in when ordering a brochure
It is necessary for a contract with you or to take steps at your request prior to entering into a contract, e.g. to complete a booking
It is necessary for us to comply with a legal obligation, e.g. to meet the entry requirements of the country you are visiting
It is necessary to protect the vital interests of you or another individual, e.g. the exchange of personal data with your insurance company and medical staff in an emergency situation
It is in the public interest or we have official authority, e.g. to respond to and manage security operations
Where we have a legitimate interest in better understanding your interests, so that we can predict which other products and services might be of most interest to you.  This ensures we can tailor our communications to be more relevant for you.   
Where we need to process special categories of personal data, for example health data for medical reasons, we will only do so if one or more additional conditions apply. E.g.:

We have your explicit consent
It is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent
It is necessary to establish, exercise or defend legal claims
It is necessary for reasons of substantial public interest

Changes to this notice

This notice replaces all previous versions. We may update the notice at any time so please check it regularly for any changes. If the changes are significant, we will provide a prominent notice including, if we believe it is appropriate, email notification of privacy notice changes.  

Updated: May 2018



Appendix A


Key Terms

Here is a list of key terms relating to privacy notices and privacy regulation.


  • Data controller: The data controller determines the purpose and manner in which personal data is used. 
  • European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.  
  • Online advertising: Digital marketing messages that you see on the internet.  
  • Personal Data: is defined as “any information relating to an identified or identifiable natural person ("customer"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person” (EU General Data Protection Regulation Article 4.1)
  • Special categories of personal data: These are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation. 

Updated: May 2018