Privacy policy

Privacy Policy

The Itinerary respects your privacy and is committed to protecting your personal data. This privacy policy explains how we look after your personal data, your privacy rights, and how the law protects you.

1. Policy Statement

This privacy policy describes how Merlin Travel Group Ltd collects and uses the personal information you provide through our website or offline.
The Itinerary is the controller of your personal data and safeguards it in accordance with data protection legislation.
If you have any questions, contact us via email info@theitinerarytravel.co.uk.

2. What Do We Use Your Information For?

We collect personal data when you register, place an order, complete a form, respond to a survey, or contact us.
Your personal data is processed to deliver travel agent services, fulfil bookings, manage accounts, respond to enquiries, and meet legal obligations.

1. Processing bookings and sending confirmations
2. Assessing travel needs and providing suitable services
3. Customer support and communications
4. Improving our website and services
5. Marketing and promotions (where permitted)
6. Legal and regulatory compliance (ATOL / Trust Services)

Failure to provide required personal data may prevent us from processing your booking.

3. What Information Do We Collect?

1. Contact details (name, email, address, phone number)
2. Billing and payment information
3. Website usage and activity data
4. Device and browser information
5. Location-based data (where permitted)
6. Business and demographic information

You may browse our website anonymously by adjusting your browser settings.

4. Disclosure to Third Parties

Acting as a travel agent, we may share your data with third-party suppliers to fulfil your booking.
Data may also be shared with staff, contractors, legal authorities, or transferred during a business sale or merger.
We do not sell your personal data.
Your data is stored in the UK / EU and may be transferred outside the EU when required for travel services.

5. How Do We Protect Your Information?

We use industry-standard security measures, including SSL encryption, secure servers, and restricted access.
While we take reasonable steps to protect your data, internet transmission is not completely secure and is at your own risk.

6. Data Retention

We retain your information as long as your account is active or as required for legal, accounting, or dispute resolution purposes.

7. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy policies or content.

8. Social Networks

Content shared on social media may be publicly accessible. We cannot control how others use shared content.

9. Blogs & Forums

Public areas may be viewed by others. To request removal of personal data, contact info@merlintravelgroup.co.uk.

10. Your Rights

• Access your personal data
• Correct inaccurate data
• Request erasure (where applicable)
• Restrict or object to processing

You may complain to the Information Commissioner’s Office at www.ico.org.uk.

11. Online & Offline Policy

This policy applies to personal data collected online and offline.

12. Terms & Conditions

Please review our website terms and conditions for further information.

13. Changes to This Policy

This policy was last updated on 18 December 2025.

Protecting Your Data & GDPR

This website complies with GDPR, DPA and PECR regulations. We will update this policy as legislation changes.

Cookies

Cookies improve user experience and may be managed through your browser or our cookie control system.

Contact & Communication

Any data provided through contact forms or email is handled securely and used only for intended purposes.

Email Marketing

Subscribers can unsubscribe at any time. Email tracking may be used to improve communications.

External Links & Social Media

Users engage with external links and social platforms at their own risk. We will never request passwords or sensitive details via social media.