[jstrc:staticheader]

 
Call Us  
Brochures 
Agency  
Search

Privacy Policy

Riviera Travel's Privacy Notice

Introduction

Privacy is a very important issue for everyone and is a subject we consider to be a priority. Trust, respect and fairness have always been values that are integral to Riviera Travel and how we operate.

Riviera Tours Ltd trading as Riviera Travel (referred to in this notice as “we” or “us”) of New Manor, 328 Wetmore Road, Burton-on-Trent, DE14 1SP is registered as a data controller with the Information Commissioner’s Office under registration number Z2071453.

This Privacy Policy outlines how we collect, use, and protect personal data, as well as your rights under applicable privacy laws, including but not limited to:

  • UK General Data Protection Regulation (UK GDPR);
  • Data Protection Act 2018 (DPA 2018);
  • Privacy and Electronic Communications Regulations (PECR);
  • General Data Protection Regulation (GDPR)
  • Personal Information Protection and Electronic Documents Act (PIPEDA); and any applicable provincial privacy laws in Canada.
  • US state privacy laws, including but not limited to those in California, Oregon, Montana, Utah, Colorado, New Jersey, Rhode Island, and New Hampshire (“US Data Privacy Laws”)
  • Australian Privacy Act 1998

 
Changes to this notice

This notice replaces all previous versions. We may update this notice at any time so please check it regularly for any changes. If the changes are significant, we will provide a prominent notice including, if we believe it is appropriate, email notification of privacy notice changes.

Last updated: 05/02/2025

Contents of this privacy notice

  • How we collect your personal data
  • Types of personal data we collect
  • How we use personal data 
  • Our legal bases for processing personal data
  • Sharing of personal data
  • International data transfers
  • How we protect your personal data
  • How long do we keep personal data
  • Your rights under applicable privacy laws 
  • Further information, queries and complaints

How we collect your personal data

Information which you provide to us directly

  • When you contact us for any of our services, online or by telephone.
  • Request additional information, including a brochure or newsletter.
  • Enter a competition.
  • Respond to a survey or questionnaire.
  • Create a customer account.
  • Provide passenger information.
  • Participate in our recruitment processes.
  • Provide feedback or otherwise interact with us, including via social media, email, or phone call.
  • Respond to any queries or requests.
  • Make a complaint or claim.

Information which we receive from others

  • Booking information provided by others making a booking on your behalf, including group bookings;
  • Profiling data from trusted third parties;
  • Updated address information from trusted third parties;
  • Marketing preferences
  • Travel agents and similar organisations placing bookings on your behalf
  • Information from insurance companies in the event of an incident; and
  • Contact and location information from social media providers when you log-in via your social media account.

You do not have to provide your personal data to us. However, if you do not provide your personal data to us when we need you to, we may not be able to provide our services to you or respond to your queries.

Types of personal data we collect

When you register for any of our services, request information, buy our products online or by telephone or, in a limited way, browse our websites, we may process the following types of personal data:

  • Your full name, gender, and date of birth
  • Your full postal address and updates to your postal address
  • Contact information such as phone numbers, email address, and social media username (when contacted via social media)
  • Riviera Account login details e.g. your username and password
  • Passport Details, including nationality
  • Insurance details
  • Data relating to your booking, including payment information
  • Information regarding any additional assistance needed, and other information related to your needs and preferences such as dietary and mobility requirements
  • Information about your purchases or registrations, including purchases made, brochures and itineraries you have requested, and how you made the purchase or request
  • Geo-demographic information, which may include your postcode, preferences and interests
  • Marketing preferences
  • Information about other passengers in your booking
  • Communications you exchange with us (for example, your emails, letters, texts, phone calls, social media interactions with us, feedback, surveys, and questionnaires)
  • Phone recordings
  • Booking reference numbers
  • Health data (e.g. mobility and / or dietary requirements)
  • Next of kin details
  • Browsing behaviour, preferences, and advertisement interaction information
  • IP address, browser, and operating system

We also use cookies to understand how our sites are used, which helps us to improve your overall online experience. To learn more about how we use cookies, see our Cookie Policy.

How we use personal data

We will process your personal data in order to:

  • Manage your bookings and/or provide you with the services you request, including provision of brochures or itineraries, including sharing data with suppliers and partners such as airlines, hotels, railways, shipping vessels, and other suppliers of services for which you have requested via us.
  • Send status updates and service communications to you.
  • Support your safety and wellbeing when you travel with us.
  • Communicate with you about your account or transactions with us and send you information about our products and services.
  • Communicate with you in relation to marketing activities, including competitions, and ensure that our marketing, and that of our partners, including online advertising, is of relevance to you. This includes our email newsletter, or sharing your personal data with relevant providers of reader offers, online publishing, in newspapers, and in magazines, provided by third parties.
  • Support specific management and administrative purposes, including IT and data management services.
  • Analyse and improve the services offered by us.
  • Enhance the customer experience: we want to ensure that you receive the best service possible therefore we may share your personal data with third parties to gain customer feedback on your journey, including customer surveys, questionnaires, or other communications in relation to the products and services we offer.
  • To comply with our legal obligations, and exercise or defend our legal rights.
  • So that you can travel, it is sometimes mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or other purposes which they determine appropriate.
  • Undertake our company administrative purposes, such as billing, accounting, and invoice processing.
  • Undertake surveys, questionnaires, and other market research activities.
  • Sharing of your personal data with social media platforms such as Facebook (Meta), and Google Ads. This includes using the data for ‘lookalike audience’ tools. Please note, you can manage the ads you see through the social media’s own preference centre, for example, here: Facebook's help centre
  • Investigate any allegations of complaints or abusive behaviour, during usage of our services, to other passengers or staff.
  • Managing and maintaining the safety and security of our operations, including responding to accidents or other similar incidents.
  • Profiling our customers to ascertain our average customer profile.

Our legal bases for processing your personal data

We will only collect and use your personal data where we have a lawful basis for doing so, which may include the following:

  • to enable us to enter into and to perform a contract with you.
  • to allow us to exercise our legitimate interests as a data controller. We rely on legitimate interests as a data controller to process the personal data that you provide to us for the following purposes: personalised direct marketing offers, to offer prizes and giveaways, digital feedback (for instance Reevoo, Trustpilot and FeeFo), customer surveys, welcome home surveys and potential follow up telephone calls, telephone call recordings, sharing of telephone call recordings for third party regulatory / legal requirements, marketing information received from third parties, marketing profiling, average customer profiling, data management services, data cleansing, sending you vouchers, magazines and offers for an extension of your holiday, tour manager referrals, references, next of kin details, tracking for our affiliate programme, hospitality activities, including customer special occasions and communications following a first booking, postal marketing and soft opt-in for marketing purposes, website and advertisement data analytical services. As well as the above, this also includes attribution to advertising on Facebook.
  • to comply with our legal obligations.
  • with your consent, which you may withdraw at any time.
  • where it is necessary for the performance of a task carried out by us in the public interest or in the exercise of official authority vested in us.
  • to protect your vital interests or those of another person.

Where we need to process special categories of personal data, for example dietary or mobility information, we will only do so if this complies with data protection law.

Sharing of personal data

We may disclose your personal data to any of our employees, officers, contractors, insurers, professional advisors, agents, suppliers or subcontractors, government agencies and regulators insofar as reasonably necessary, and in accordance with data protection legislation.

We may also disclose your personal data:

  • If we enter into a joint venture with or merge with another business entity, your information may be disclosed to our new business partners or owners
  • With our Data Protection Team and/or Legal Advisors
  • With our auditors, for more information as to how they process your personal data please refer to their Privacy Notice: Entities privacy policy | RSM UK
  • If we are making an insurance claim following an incident we may share your information with our insurers
  • If we are being audited then we may share your information with our auditors
  • To fulfil legal and regulatory obligations
  • To fulfil our contractual or other obligations with you
  • In relation to reader offers, where there is a lawful basis for sharing your personal information with magazines and / or newspapers
  • Meta – for further information about how they process your personal data, please refer to their Privacy Policy: Meta Privacy Policy – How Meta collects and uses user data | Privacy Centre | Manage your privacy on Facebook, Instagram and Messenger | Facebook Privacy
  • With your consent
  • As otherwise required or authorised by law.

Unless required to do so by law, we will not otherwise share, sell, or distribute any of the information you provide to us without your consent.

International Data Transfers

We may transfer your personal data to countries outside of your country of residence, including countries that may not have the same level of data protection as the laws in your jurisdiction. When we transfer personal data internationally, we ensure that appropriate safeguards are in place to protect your data, in compliance with applicable data protection laws.

For data transfers from the European Economic Area (EEA), Switzerland, or the United Kingdom (UK) to countries without an adequacy decision, we rely on safeguards such as:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers from the EEA and Switzerland.
  • UK Addendum to the SCCs: For transfers from the UK.
  • EU-U.S. Data Privacy Framework (DPF): For transfers to the United States, where applicable.

For data transfers from other jurisdictions, such as Canada or Australia, we implement contractual agreements or other measures to ensure that your personal data is protected in line with applicable privacy requirements.

We may also adopt additional safeguards where required to further enhance the protection of your data.

If you have any questions about international data transfers or the safeguards we use, please contact us for more information.

How we protect your personal data

We take appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access when it is being transmitted, stored, or otherwise processed.

How long do we keep personal data?

We will retain your personal data for as long as it is necessary for the purposes set out in this privacy notice and no longer than necessary in order to meet our legal and regulatory requirements / best practice. After this period, we will securely erase personal data or take appropriate measures to anonymise it.

We have retention policies in place that govern how long we keep your personal data, depending on the type of data and the purposes for which we process it.

Your rights under applicable privacy laws

Rights under GDPR and UK GDPR

You may exercise your data subjects’ rights under data protection laws in relation to our processing of your personal data. We aim to respond to all legitimate requests within 30 days. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Your data subject rights include:

  • You have the right to request access to your personal data

You have the right to request confirmation that your personal data is being processed, access to your personal data (through us providing a copy) and other information about how we process your personal data.

  • You have the right to ask us to rectify your personal data

You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data.

  • You have the right to ask us to erase your personal data

You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data.

  • You have the right to ask us to restrict or block the processing of your personal data

You have the right to ask us to restrict or block the processing of your personal data that we hold about you. This right applies where you believe the personal data is not accurate, you would rather we block the processing of your personal data rather than erase your personal data, where we don't need to use your personal data for the purpose, we collected it for, but you may require it to establish, exercise or defend legal claims.

  • You have the right to portability of your personal data

You have the right to obtain and reuse your personal data from us to reuse for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you.

  • You have the right to object to our processing of your personal data

You have the right to object to our processing of your personal data on the basis of our legitimate business interests, unless we are able to demonstrate that, on balance, our legitimate interests override your rights, or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.

  • You have the right not to be subject to automated decision making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you.

If you wish to exercise any of these rights, please use the details in the section ‘Further Information, Queries and Complaints’ below.

Rights under Canadian Privacy Laws (PIPEDA)

Under Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), you have rights regarding your personal information. We are committed to addressing all legitimate requests promptly and aim to respond within 30 days. Your rights include:

  • Right to access your personal information

You have the right to request access to your personal information, including confirmation that your personal information is being processed and a copy of your personal information, as well as information about how we process it.

  • Right to correct your personal information

You have the right to request correction of any inaccurate or incomplete personal information we hold about you.

  • Right to withdraw consent

You have the right to withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide services to you.

  • Right to challenge compliance

You have the right to challenge our compliance with applicable Canadian privacy laws and to make a complaint to the Office of the Privacy Commissioner of Canada if you are not satisfied with our response.

Rights under the Australian Privacy Act 1988

You may exercise your data subjects’ rights under the Australian Privacy Act, in relation to our processing of your personal data. We are committed to addressing all legitimate requests promptly and aim to respond within 30 days. Your rights include:

  • Access to personal information

You have the right to request access to their personal data held by us. We will provide this information within a reasonable time and usually without charge.

  • Correction of personal information

If personal information held by us is incorrect, incomplete, or outdated, you can request corrections or updates.

Rights of US residents 

US state-level data privacy laws, including but not limited to those in California, Oregon, Montana, Utah, Colorado, New Jersey, Rhode Island, and New Hampshire (“US Data Privacy Laws”), provide residents with specific rights regarding their personal information. For the purposes of this section, “Personal Information” has the meaning ascribed by the California Consumer Privacy Act (“CCPA”) and may exclude certain categories of information, such as publicly available, deidentified, or aggregated data, as well as data subject to laws like the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Health Insurance Portability and Accountability Act (HIPAA), or the Driver’s Privacy Protection Act of 1994, or otherwise exempt or excluded under the CCPA.

Depending on your place of residence, you may have some or all of the rights listed below with respect to your Personal Information. These rights are not absolute, may apply only in certain circumstances, and may be declined to the extent permitted by law.

  • Right to access

You may have the right to request access to the Personal Information held about you, including details on how it is used and shared.

  • Right to delete 

You may have the right to request that Personal Information maintained about you be deleted.

  • Right to correct 

You may have the right to request that any inaccurate Personal Information maintained about you be corrected.

  • Right of portability 

You may have the right to receive a copy of the Personal Information held about you and, under certain circumstances, request that it be transferred to a third party.

  • Right to opt-out of sale or sharing or targeted advertising 

You may have the right to direct that your Personal Information not be “sold” or “shared” or used for targeted advertising as defined by applicable privacy laws. If you use the Site with a Global Privacy Control opt-out signal enabled, this may be treated as a request to opt out of the “sale” or “sharing” of your information for that device and browser.

  • Restriction of processing

You may have the right to request that the processing of your Personal Information be stopped or restricted.

  • Withdrawal of consent:

Where processing is based on your consent, you may withdraw that consent at any time.

You may have a right to appeal our decision if we decline to process your request. You can do so by replying directly to our denial.

You may choose to opt out of receiving certain promotional emails. If you opt out, non-promotional communications may still be sent to you.

You may exercise any of these rights, where applicable, by using the designated tools provided on the Site or contacting [email protected].

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request.

In accordance with applicable US Data Privacy Laws, you may designate an authorised agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.

We will respond to your request for exercising your rights in a timely manner as required under applicable laws, within 45 calendar days from the date of our receipt of your request.

Further information, queries and complaints

If you would like to make a request, please email or write to:

  • By post, addressed to our Data Protection Lead: Riviera Travel, New Manor, 328 Wetmore Road, Burton-on-Trent, Staffordshire, DE14 1SP
  • By email: [email protected]

For your security, we can ask you to verify your identity before we can act on your request or complaint.

Alternatively, you can contact our data protection officer directly by email: [email protected]. Please mark the subject matter of your email: Riviera Travel.

If you are in the European Union (EU), you can also contact our EU representative, GDPR Local, by calling +44 1772 217800.

We aim to resolve all concerns and complaints. However, if you are dissatisfied with our response, you may complain to the relevant national supervisory authority:

United Kingdom (UK):

Information Commissioner’s Office

  • By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Website: https://www.ico.org.uk

European Union (EU):

To find the relevant EU supervisory authority in your country, visit the official European Data Protection Board (EDPB) website: https://edpb.europa.eu/about-edpb/board/members_en 

Canada:

Office of the Privacy Commissioner of Canada

  • By post: Office of the Privacy Commissioner of Canada, 30 Victoria Street, Gatineau, Quebec K1A 1H3
  • Website: https://www.priv.gc.ca
  • Phone: 1-800-282-1376

Australia:

Office of the Australian Information Commissioner 

USA: