Protecting your privacy is important to us. At all times we aim to respect any personal information you share with us, or that we receive from other organisations, and keep it safe. This Privacy Notice (“Notice”) explains how we hold and use personal information and your rights and options in relation to it.
If you have any questions about this Notice please contact us using the details in the “Contact us” section below. This Notice contains important information about your personal rights to privacy. Please read it carefully to understand how and why we use your personal information.
Prince Harry, The Duke of Sussex has independently convened leading global travel businesses to form Travalyst, a coalition of partners who aim to explore and promote initiatives and solutions that will help make all travel more sustainable. As such this website is operated by Travalyst (registered company 12546940). Travalyst is the controller of the personal information that is collected through the site or otherwise as set out below.
Our partners are Amadeus, Booking.com, Expedia Group, Google, Skyscanner, Travelport, Trip.com Group, Tripadvisor and Visa. At times we may share personal information with them for the purposes set out in this Notice below, and they will sometimes share personal information with us where it is lawful and appropriate to do so.
For example, personal information that you give us by filling in forms on our website or communicating with us by letter.
Your personal information may also be shared with us by third parties (see “Will we share your personal information?” below). To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.
When you visit our websites, we automatically collect the following personal information:
(a) Technical information, including the internet protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.
(b) Information about your visit to the website, including the uniform resource locator (URL) clickstream to, through and from the site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.
We also collect and use your personal information by using cookies on our websites – please see our Cookies Notice for more information.
We may combine your personal information from one or more of these sources for the purposes set out in this Notice.
We may collect, store and use the following kinds of personal information:
Data privacy law identifies certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health or ethnicity. In limited cases, we may collect and/or use your sensitive personal information (also known as special category data). Normally we will only do so where we have your explicit consent, but there may be other circumstances permitted under data privacy law.
Our partners are Amadeus, Booking.com, Expedia Group, Google, Skyscanner, Travelport, Trip.com Group, Tripadvisor and Visa. We sometimes share personal information with them for the purposes set out in this Notice below, and they will sometimes share personal information with us where it is lawful and appropriate to do so.
Your personal information, however provided to us, may be used for the purposes specified in this Notice, including:
Please note that we (or our service providers) or third party (including Project partner) event hosts may film or photograph those attending or taking part in our events.
We may use the footage or photographs for publicity and marketing/fundraising purposes. For example, in print and/or digital material (including social media) or via external advertising and press outlets, all of which may be made available to the public.
No personal details (e.g. names) of children under 16 will be used in such materials without consent from their parent or legal guardian, but we may use images where children are incidentally pictured (for example, as part of a crowd).
We may use your contact details to provide you with information about our work which we consider may be of interest to you.
We will obtain your consent to contact you via email for these purposes (for example, via signing up on our website).
See the section “Our legal basis for processing your information” for more information about our use of legitimate interests.
We may send the following marketing materials but please note that recipients can unsubscribe from marketing emails at any time:
Where possible we remove out of date contact details by checking them against publicly available records such as deceased records. This helps us to improve the delivery rate of our mailings and minimise wasted expenditure.
Depending on your settings or the privacy policies for social media messaging services such as Facebook, Twitter and Instagram, you may receive targeted advertisements about Travalyst through our use of social media audience tools.
For example, Facebook’s ‘Custom and Lookalike Audiences’ programmes enables us to display adverts to our existing supporters when they visit Facebook, or other people who have similar interests or characteristics to our supporters. We may provide your personal information including your email address to Facebook, so it can determine whether you are a registered account holder with them, or so that Facebook create a “lookalike” audience. Our adverts may then appear when you access Facebook. We only work with social media networks that provide a facility for secure and encrypted upload of data and immediately delete any records not matching with their own user base.
For more information or to manage your social media ad preferences, please see Facebook’s “About Custom Audiences” guide (https://www.facebook.com/business/help/744354708981227) and its Data Policy.
Our website also uses web beacons or pixels through third-party service providers that allow us to track conversions and activity on our website, as well as generate advertisements that appear on Facebook and other search engines like Google for you and other potential users. Please see our Cookies Policy for more information.
Unless stated in this Notice, we do not share (unless we have your consent to do so), sell or rent your personal information to third parties outside of our partnership for their own marketing.
We take proportionate and appropriate measures to safeguard your personal information and to prevent the loss, destruction, misuse or alteration of it.
Your personal information is only accessible by appropriately trained staff and contractors, and stored on secure servers. In general, the personal information that we collect from you will be stored at a destination within the UK or European Economic Area (EEA). However, we use agencies and/or suppliers to process personal information on our behalf. Your personal information may therefore be transferred or stored outside, and/or otherwise processed by contractors operating outside the UK or EEA who work for us or for one of our suppliers.
In these cases we will take all steps reasonably necessary to ensure that the recipient implements appropriate safeguards to protect your personal information (for example, by entering into a contract approved by the European Commission or, if the company is based in the US, checking that it is certified under the EU-US Privacy Shield).
The transmission of information via the internet is never completely secure, and although we do our best to protect it, we cannot guarantee the security of personal information transmitted via the internet.
Travalyst relies on a lawful basis to collect and use your personal information. Data privacy law specifies six such grounds, and we consider the following to be relevant to our use of personal information:
Personal information may be collected and used if it is reasonably necessary to achieve a legitimate interest (as long as that processing is fair, balanced and does not unduly impact your rights).
Where we rely on legitimate interests, depending on the activity, we may be relying on Travalyst’s legitimate interests or those of our partner organisations.
Those legitimate interests include the following:
Whatever your relationship with us, we will only store your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.
Usually this will be for a specified amount of time in accordance with our internal retention policy. That length of time may vary depending on the reasons for which we are processing the personal information and whether we have a legal (for example, under financial regulations) or contractual obligation to keep it for a certain amount of time.
Subject to the above, generally, we typically retain personal information relating to people who have signed up to our mailing lists for six years after their last interaction with us, and we will then consider whether to retain for a further six years.
Once the retention period has expired, personal information will be confidentially disposed of and permanently deleted.
If you object to further contact from us, we will keep some basic information about you on a “suppression list” in order to avoid sending you unwanted communications in the future.
You have a number of legal rights in relation to our use of your personal information. These rights include:
This is sometimes called a “subject access request” and can be done by writing to us at the address in the “Contact us” section below.
To exercise any of these rights, please send us a description of the personal information in question, along with an explanation of the rights you wish to exercise, using the contact details in the “Contact us” section below. In some cases, we may ask for proof of identification or further information before we can process your request.
Please note that these rights only apply in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ – or contact us using the details in the “Contact us” section below if you are unsure.
Due to the collaborative nature of our work, our website may contain links to other sites, including those of our delivery partners. This Notice does not cover those external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website or if you are involved in one of our Projects, please visit the website of those partners who are listed on the website as being involved so you can understand how they collect, use and share your personal information.
We keep this Notice under regular review and may update it from time to time, so we recommend that you check it regularly. Where necessary we may also notify you of changes to this Notice by email. This Notice was last updated on 7th November 2022.
If you have any questions or concerns (including complaints) about this Notice or about the way in which your personal information is being used, please let us know by contacting us in the following ways:
by email: [email protected]
In each instance, please ask for or address your communication to Data Protection Lead.
You are entitled to make a complaint at any time to the Information Commissioner’s Office, the UK regulatory authority for data privacy (https://ico.org.uk/global/contact-us/). We are always grateful for the opportunity to resolve your concerns before you approach the ICO, so would appreciate it if you could contact us first.