Privacy & Data Protection

The School Tour Company is committed to protecting your privacy and handling your personal data responsibly and transparently.

This Privacy & Data Protection Notice explains what personal information we collect, how we use it, how it is stored and shared, and your rights under UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact details
The School Tour Company
Dalton House
35 Chester Street
Wrexham
LL13 8AH
United Kingdom

Telephone: 01244 722651
Email: info@schooltourcompany.co.uk
Website: https://schooltourcompany.co.uk/

We act as a data controller in relation to the personal data you provide when using our website or arranging school tours and travel services.

What personal data we collect

Group Leader and Co-Group Leader

  • Full name
  • Date of birth
  • Gender
  • Passport details
  • Email address*
  • Phone number*
  • Address*

Students / passengers / other group members

  • Full name
  • Date of birth
  • Gender
  • Passport details

*Co-group leader contact details are collected only where voluntarily provided on booking forms.

We do not intentionally collect or process special category (sensitive) personal data.

Payment information
Payments made through our website require credit/debit card details. These are processed securely by an authorised third-party payment provider.
We do not receive or store full payment card details.

Personal data of children
As a school tour provider, we process information relating to children and students. This information is supplied by a parent/guardian, school, or authorised group leader and is used strictly to organise and deliver travel arrangements.

Lawful basis for processing
We collect and use personal data in accordance with UK GDPR on the following legal bases:

  • Performance of a contract – to arrange and manage travel services
  • Legal obligation – to comply with UK laws and regulatory requirements
  • Legitimate interests – to operate and improve our services and manage bookings
  • Consent – where required, such as certain communications

We do not use client data for general marketing. We may occasionally contact group leaders with relevant information about services previously used. All such communications include clear opt-out options.

How we use your personal data
We may use personal data to:

  • Arrange and manage travel bookings and services
  • Communicate essential booking updates and travel information
  • Provide customer support
  • Meet legal and regulatory requirements
  • Maintain internal operational records
  • Request feedback to improve our services

How long we retain personal data
We retain personal data only for as long as necessary to:

  • complete the travel service
  • comply with legal, financial, and regulatory obligations
  • manage disputes or customer service issues

Retention periods vary depending on the nature of the data and legal requirements but are regularly reviewed to ensure data is not held longer than necessary.

How we share personal data
We share personal information only where necessary to deliver travel services or meet legal obligations. This may include:

  • Tour operators and activity providers
  • Hotels and accommodation providers
  • Airlines and transport providers
  • Service providers supporting booking administration
  • Authorities or regulators where required by law

We do not sell personal data to third parties.

International data transfers
Some travel providers may be located outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place in line with UK GDPR requirements.

Cookies and website usage
Our website uses cookies and similar technologies to ensure functionality, analyse usage and improve user experience.

Types of cookies used may include:

  • Essential cookies required for site operation
  • Performance and analytics cookies
  • Functionality cookies that remember preferences

You can manage or disable cookies through your browser settings. Please note this may affect website functionality.

Data security
We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse or disclosure. These include:

  • Secure IT systems and databases
  • Encryption and firewall protections
  • Access controls and staff authorisation procedures
  • Regular system monitoring and backups

Your rights under UK data protection law
Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of personal data where appropriate
  • Restrict or object to certain processing
  • Request transfer of your data (data portability)
  • Withdraw consent where processing relies on consent
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO)

Withdrawing consent
Where processing is based on consent, you may withdraw this at any time. Please note that doing so may affect our ability to provide certain services.

How to access, update or delete your data
You may request access, correction or deletion of your personal data by contacting us using the details above. We will respond in accordance with UK data protection law.

Complaints
If you are not satisfied with how we handle your personal data, you have the right to complain to the UK supervisory authority:

Information Commissioner’s Office (ICO)
www.ico.org.uk

Third-party websites
Our website may contain links to third-party sites. We are not responsible for their content or privacy practices and encourage you to review their privacy notices before sharing information.

Changes to this notice
We may update this Privacy & Data Protection Notice from time to time to reflect legal, operational or service changes. The latest version will always be published on our website.