Policies

PRIVACY POLICY

ITO Tours UK Ltd. is committed to protecting your privacy. This Privacy Policy sets out the nature of the information we collect, how we collect it, and what happens to it.

Your information includes your name, contact details, travel preferences, and special needs/disabilities/dietary requirements that you supply us or provide us, as well as any information about other persons on your booking ("your information" n"). Your information is collected when you request information from us, contact us (and vice versa) or book with us. You are responsible for ensuring that other party members know the content of our Privacy Policy and consent to your acting on their behalf in all your dealings with us. We will update your information as appropriate to ensure it is up-to-date and accurate.

Our Use of Your Information We may disclose your information to our suppliers and service providers, who may be outside the Netherlands, so that we can provide you with your holiday services, transfers, etc. We disclose only information that is necessary for this purpose.

We may disclose your information to companies that carry out data processing services on our behalf, such as administration, business management, operations, research and analysis, marketing, monitoring, analysis, and other everyday business practices. If we search against the files of credit reference agencies, they will record the search, and hence, how you conduct your account with us may be shared with other lenders and credit agencies.

Some of the data we collect about you, such as health-related information, may be considered "sensitive personal data". We collect it to cater to your needs or act in your interest. Still, we do so on the condition that we have your positive consent. By booking with us, you also agree for your insurers, their agents and medical staff to disclose relevant information (which may contain sensitive personal data) to us in circumstances where we need to act in the interest of everyone in the group you are travelling with. If you do not agree to our use of your information in the manner described above, we cannot accept your booking.

Direct Marketing Material Occasionally, we may contact you by post, email, or telephone with information on holidays and related services, brochures, offers, new products, forthcoming events, or promotions.

When you first supply us with your information, you may indicate your preference to receive our direct marketing material for the above purposes by telephone or e-communications (email, SMS, email brochure) on our website(s), or forms, or to our staff.

If you do not wish to receive such information or want to change your preference, please refer to point(2) of "Your Rights" below.

You have the right to request a copy of the information we hold about you and correct any inaccuracies in your information by completing our Data Subject Access Request Form. You also have the right to ask in writing not to receive direct marketing material about our products and services. Once you properly notify us, we will take steps to stop using your information in this way.

Use of Cookies If we contact and deal with you via our website(s), we may use "cookies," which allow us to identify your computer but not you personally. A cookie is a small piece of data sent from our web server to your computer and stored in a text file on your hard drive, though you can set your web browser to refuse cookies. We use cookies to measure site usage and related information.

Links to other websites. If you are making a purchase or other process-led transaction, we may also use cookies to track the transaction from one web page to another. Our website(s) may contain links to sites we do not control. These sites may send you cookies and collect data and personal information. We are not responsible for the actions, content or privacy policies of those websites to which our website(s) may link.

Aggregated Information We may collect aggregate information about customer trends and patterns and disclose aggregate statistics about enquiries, visitors, customers, and sales to describe our services to prospective partners, purchasers, advertisers, and other reputable third parties for other lawful purposes. No personally identifying information is disclosed.

Monitoring To ensure that we carry out our instructions accurately and to help improve our service, we may monitor and record telephone calls and customer transactions and activities on our website for security reasons. All recordings are and shall remain our sole property.

Changes to the Privacy Policy We reserve the right to make changes to this policy as required. Policy updates will be posted on our website. We will strive to ensure our practices comply with the most current policy version.

CRITICAL Policy INCIDENT RESPONSE PLAN (CIRP) POLICY

ITO Tours UK Ltd. is committed to ensuring the safety and operational integrity of our guests and staff. Our Critical Incident Response Plan (CIRP) provides a structured and effective response to incidents that could impact our operations, reputation, or the communities we serve. The policy outlines a policy approach to preparing for, managing, and recovering from such incidents.

The policy applies to employees, contractors, and partners involved in ITO Tours UK Ltd. operations and encompasses all services provided, including hotel allocations, transportation, and custom tour programs.

Objectives

  • To ensure a swift and effective response to any critical incident. Minimise the impact of operations and stakeholders.
  • To safeguard the health and safety of guests and staff.
  • To maintain clear and effective communication with all stakeholders.
  • To facilitate a timely recovery and return to normal operations.

Identification of Critical Incidents Critical incidents may include but are not limited to natural disasters, health crises, accidents, security threats, and significant operational failures. Each type of incident requires specific strategies outlined in our detailed response procedures.

Roles and Responsibilities

  • CIRP Coordinator: Oversees the implementation of the CIRP, coordinates the response efforts, and serves as the primary point of contact.
  • Communication Officer: Manages all internal and external communications.
  • Safety Officer: Ensures the implementation of safety protocols and first aid measures.
  • Recovery Officer: Coordinates efforts to return to normal operations post-incident.

Communication Plan: The Communication Officer will manage communications, including notifying affected parties, coordinating with external agencies, and handling media inquiries.

Response Procedures: Detailed response procedures will be developed for identified critical incidents, including evacuation plans, emergency contact numbers, coordination with local emergency services, and specific action steps for staff.

Review and Improvement: The CIRP will be reviewed annually or following a significant incident to incorporate lessons learned and emerging best practices.

Policy Approval and Implementation: The management of ITO Tours UK Ltd. approves policy, effective immediately. All staff must familiarise themselves with the CIRP and participate in related training and drills.

ELECTRONIC DATA DESTRUCTION POLICY

Purpose and Scope: This policy establishes guidelines for securely destroying electronic data to protect sensitive information from unauthorised access and devices owned by ITO Tours UK Ltd., including computers, laptops, external drives, flash drives, and other electronic storage devices containing company data.

Policy Statement ITO Tours UK Ltd. is committed to safeguarding sensitive information through proper disposal methods and complying with legal and regulatory requirements and industry best practices.

Responsibilities

  • IT Department: Oversees and executes data destruction procedures.

  • Employees: Adhere to data handling and destruction policies.

  • Data Protection Officer: Ensures policy compliance and conducts regular audits.

Methods of Destruction

  • Electronic Shredding: Overwriting data multiple times to prevent recovery.

  • Degaussing: Using magnets to erase data on magnetic devices.

  • Physical Destruction: Rendering storage devices physically unusable.

Procedure

  • Identification: Determine devices/media for data destruction.

  • Authorization Data Protection Officer.

  • Execution: Use an approved destruction method securely.

  • Documentation: Record details of each data destruction action.

  • Verification: Conduct audits to ensure compliance and effectiveness.

Training and Awareness Regular training ensures employee understanding and adherence to the policy.

Policy and Update: Policy is reviewed periodically or as needed to address changes in requirements. Updates are communicated to all employees.

Compliance Non-compliance may result in disciplinary actions, including termination and legal and financial consequences.

VENDOR/THIRD-PARTY RISK MANAGEMENT POLICY

Purpose and Scope: The policy establishes a framework for managing and mitigating risks related to third-party vendors and service providers. It applies to all departments and employees involved in selecting, contracting, and managing external vendors at ITO Tours UK Ltd.

Policy Statement: ITO Tours UK Ltd minimises the compliance risks arising from third-party engagements through systematic assessment, ongoing monitoring, and management.

Definitions

  • Third-Party Vendor: External entity providing goods/services to the company.
  • Risk Management: Identifying, assessing, and mitigating potential threats.

Roles and Responsibilities

  • Senior Management: Aligns policy with organisational selection and initial risk assessment.
  • IT Department: Evaluates and oversees technology-related risks.

Vendor Selection Process

  • Initial Screening: Vendors must meet basic organisational requirements. Evaluation is based on reputation, reliability, value, and alignment with company values.

Vendor Risk Assessment and Monitoring

  • Continuous Monitoring: Regular performance and compliance evaluations.
  • Contractual Obligations: Agreements must include legal, regulatory, and safety compliance provisions.

Compliance and Legal: Considerations Vendor contracts must explicitly include compliance with applicable laws, regulations, and standards, including data protection and cybersecurity.

The policy is regularly reviewed to reflect regulatory, industry, or company changes.

Enforcement: Non-compliance may result in disciplinary actions, including termination of employment or vendor contracts.

DATA PROTECTION POLICY FOR ITO TOURS UK LTD.

Introduction ITO Tours UK Ltd. is committed to protecting the privacy and security of personal data. The policy outlines an approach to handling personal data in compliance with the UK's Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

The policy applies to ITO Tours UK Ltd. employees, contractors, and partners who handle personal data.

Principles: ITO Tours UK Ltd. adheres to these data protection principles:

  • Lawfulness, fairness, and transparency: Personal data is processed legally and transparently.
  • Purpose limitation: Collected only for specific, legitimate purposes.
  • Data minimisation: Only minimisation.
  • Accuracy: Data is kept accurate and updated.
  • Storage limitation: Data is retained only as long as required.
  • Integrity and confidentiality: Secure processing to prevent unauthorised access. Data subjects have the rights to:
  • Be informed
  • Access their data
  • Rectification
  • Erasure
  • Restrict processing
  • Data portability
  • Object to processing
  • Not be subject to automated decisions/profiling

Data Protection Measures ITO Tours UK Ltd. implements:

  • Data protection impact assessments
  • Integration of data protection in internal procedures
  • Regular staff training
  • Periodic testing of security measures

Data Breach Procedure In case of a data breach, ITO Tours UK Ltd. will assess risks promptly and report violations to authorities within 72 hours if necessary.

Policy Review and Update Reviewed regularly to ensure compliance with current laws.

 

Subscribe to our newsletter

This website uses cookies.

We use cookies to personalize content and ads, provide social media features, and analyze our traffic. 

Continuing on our website, we will assume that you comply. Please read our privacy policy for more information. You can return to the privacy policy at the bottom of the website at any time.

Agree »