PRIVACY POLICY
Last updated: 14 February 2022Impala Customer Privacy Policy
We are Impala Travel Technology Limited (referred to as "Impala", "we", "us" or "our" in this privacy policy) are incorporated and registered in England and Wales with company number 10098314 whose registered office is at 86-90 Paul Street, London, England, EC2A 4NE (Supplier). This policy sets out the basis on which any personal data we collect will be processed by us as a data controller. We act as a data controller when we determine how and why personal data is processed (e.g. when you make contact with us via our website). In this privacy policy, references to 'you' or 'your' is to you as an individual.
In some circumstances, Impala processes consumer personal data of people making travel bookings, we refer to this group of people as "end users". We process end user data as a data processor on behalf of our customers. We act as an intermediary in relation to the facilitating, creating and managing of bookings with hotel suppliers and in those circumstances, we process end user identity information, contact information and financial information for the purposes of facilitating bookings. In those circumstances, our customer (the company offering travel services to end users) is the data controller in respect of end user personal data. For more information about how they process personal data as a data controller, please see their privacy policy.
Please read this privacy policy carefully to understand our views and practices and your rights regarding your personal data. By visiting our website, using our services, or by otherwise providing us with your personal information, it will be processed as described in this policy.
Definitions
The definitions and rules of interpretation in this clause apply in this licence.
"Impala", "us", "we", "our" or "Supplier" means IMPALA TRAVEL TECHNOLOGY LTD incorporated and registered in England and Wales with company number 10098314 whose registered office is at 86-90 Paul Street, London, England, EC2A 4NE (Supplier). You are referred to as the "Customer".
"API" means the application programming interface developed by Impala, made available to Customer by Impala including, without limitation, through the Website as each may be updated from time to time. "API Limits" means the restrictions provided or published by Impala from time to time. "Authorised Users" means any users authorised by Impala in writing to access the API on behalf of the Customer via the API Key. "Negotiated Rates" means any rates for third party services negotiated by the Customer through the functionality provided by the API or and any other goods or services that we provide.
Information we collect from you
Personal data, or personal information, means any information about an individual from which that person can be identified.
We will collect and process the following data about you:
Information you give us. This is information about you that you give us by filling in forms on our site or through our API (application programming interface), or by corresponding with us by phone, email or otherwise. The information you give us may include your name, job title, profession and company name, address, email address and phone number. We will also collect any relevant financial information to facilitate payment.
Information we collect from your use of our website and services. With regard to each of your visits to our site we will automatically collect the following information and may use cookies or similar technologies to do so:
technical information, such as the Internet protocol (IP) address used to connect your device to the Internet, whereabouts you connected to our service, your internet service provider (ISP), your operating system, which other websites referred you to us and the site you exit us to, and what type of device you are using to access our service; and
analytics information, such as what parts of our services or website you access and interact with and any referring sites that directed you to our website.
Why we collect this information
We process your personal information for the following reasons:
Pursuant to a contract in order to:
process information at your request to take steps to enter into a contract and facilitate booking
process payments;
resolve service issues; and
send service communications so that you receive a full and functional service and so we can perform our obligations to you.
On the basis of your consent:
Where we rely on your consent for processing this will be brought to your attention when the information is collected from you; and
We will contact you with direct marketing communications if you consent to us doing so and you have the right to withdraw consent at any time. See the What are your rights? section below for more information.
In our legitimate interests of providing the best services to you and improving and growing our business we will process data for the purpose of:
providing you with a personalised service;
improving our website, our API and our services;
keeping our site and systems safe and secure;
understanding the effectiveness of our marketing;
understanding market trends; and
defending against or exercise legal claims and investigate complaints.
You have the right to object to processing carried out for our legitimate interests. See the What are your rights? section below for more information.
To comply with legal requirements relating to:
the provision of the services;
data protection;
anti-money laundering or fraud;
health and safety;
assisting law enforcement; and
any other legal obligations placed on us from time to time.
How long we keep your information
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any applicable legal, regulatory, tax, accounting or reporting requirements. In the event of a complaint or if there is a prospect of litigation regarding our relationship or dealings with you, we may retain your personal data for a longer period.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data (and whether we can achieve those purposes through other means) and the applicable legal, regulatory, tax, accounting or other requirements. Personal data is not typically stored for longer than 6 years after the end of our relationship with you.
How your data is stored and secured
At Impala Travel Technology Limited, we take your safety and security very seriously and we are committed to protecting your personal and financial information. All data collected will be protected by suitable security procedures. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website or service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
International Transfers
Many of our external third parties (including hotel suppliers) are based outside the UK so their processing of your personal data will necessarily involve a transfer outside the UK.
When we transfer your personal data outside the UK, we will only do so if adequate protection measures are in place in compliance with data protection legislation. More information is available by contacting us.
What are your rights?
Where processing of your personal data is based on consent, you can withdraw that consent at any time.
You have the following rights. You can exercise these rights at any time by emailing us at privacy@impala.travel. You have the right to:
withdraw consent, where personal data is processed on the basis of your consent;
ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes;
ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest;
request from us access to personal information held about you;
ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
to ask for data to be erased provided that:
the personal data is no longer necessary for the purposes for which it was collected;
you withdraw consent (if the legal basis for processing is consent);
you exercise your right to object, set out below, and there are no overriding legitimate grounds for processing;
the data is unlawfully processed;
the data needs to be erased to comply with a legal obligation or the data is children's data and was collected in relation to an offer of information society services;
to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing); and
to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.
In the event that you are not satisfied with our (or the applicable data controller's) processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner's Office (ICO) in the UK, at any time. The ICO's contact details are available here: https://ico.org.uk/concerns/.