Privacy Policy

Last updated: 9 September 2025

​

1) Who we are (the controller)

Hythe & Seek Travel (“we”, “us”, “our”) is the controller of your personal data when you use our services, visit our websites or contact us.

Company details:

• Registered Office: 4 Corner House Buildings, Red Lion Square, Hythe, Kent CT21 5BD

• Company Registration Number: 16476999

• Travel Trust Association Membership Number: X0923

Contact:
Email: hello@hytheandseektravel.com
You can also contact our privacy lead at the same address for any questions about this policy.

​

2) What this policy covers

This policy explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, and the rights you have. We review this policy regularly and will post updates here.

​

3) The data we collect

We collect the minimum data needed to arrange travel and run our business, for example:

• Identity & contact: name, title, date of birth (if needed for travel), email, phone, postal address, emergency contact

• Travel details: itinerary, booking references, loyalty or award programme numbers, seat or meal preferences, passport details and visa information where required

• Payment details: payment method, transaction details (we do not store full card numbers if processed by a payment provider)

• Profile & preferences: usual departure city, destination interests, accommodation and activity preferences, accessibility needs

• Communications: enquiries, feedback, survey responses, marketing preferences

• Technical & usage: IP address, device identifiers, cookie IDs, pages viewed, interactions with emails such as opens

• Special category data (only when necessary and with explicit consent): for example health or dietary information relevant to your trip

​

4) How we collect your data

• Directly from you online, by phone, email, forms, social channels, in person

• From other travellers or bookers acting on your behalf, for example a group organiser

• From suppliers when managing your existing reservations, for example schedule changes

• Automatically via cookies and similar technologies when you use our sites or apps (see Cookies & Analytics)

​

5) Why we use your data (lawful bases)

We only use your data when we have a lawful basis under UK GDPR:

• To perform a contract or take steps at your request: make and manage bookings, communicate about itineraries, changes and support, take payment

• Legitimate interests: improve and secure our services, personalise recommendations, train staff, manage risk and fraud, keep appropriate business records. We balance these interests against your rights

• Consent: sending marketing via email or SMS where consent is required, processing special category data such as health information for mobility assistance. You can withdraw consent at any time

• Legal obligations: tax, accounting and regulatory reporting, responding to lawful requests

• Vital interests: share necessary information in emergencies

​

6) Marketing

If you opt in, or where permitted by law for existing customers, we may send news, offers and inspiration about travel products and services, including those of trusted partners. You can unsubscribe at any time via the link in our emails or by contacting us.
We do not sell your personal data.

​

7) Cookies & analytics

We use cookies, pixels and similar technologies to make our site work, remember your preferences, analyse usage and measure the effectiveness of our communications and adverts.

• You can manage non-essential cookies via our cookie banner or your browser settings

• We use Google Analytics (currently GA4) to understand site usage. Google may process pseudonymous identifiers such as cookie IDs, with IP truncated where configured. We do not use Google Analytics to identify you personally or to associate analytics data with your booking information. You can opt out using your browser’s settings or Google’s opt-out add-on

If you use our mobile site or app and enable location services, we may process approximate location to show relevant offers or nearby services. You can disable location at the device level.

​

8) Sharing your data

We share only what is necessary, with:

• Travel suppliers and intermediaries: airlines, rail operators, cruise lines, tour operators, destination management companies, accommodation providers, car hire, insurance providers, visa services, and global distribution systems to fulfil your bookings

• Service providers (processors): payment processors, IT or cloud hosting, CRM, email, survey tools, customer support, analytics and security providers under contract and subject to confidentiality

• Other travellers or bookers in your party where needed for group arrangements

• Authorities and emergency services where required by law or to protect vital interests

• Professional advisers and auditors for legal, accounting and compliance

We require processors to protect your data and act only on our instructions.

​

9) International transfers

Some recipients are outside the UK, including the EEA and countries like the United States. Where this happens, we ensure appropriate safeguards, such as:

• UK adequacy regulations for the destination country, or

• UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses, and

• additional technical or organisational measures where appropriate

You can contact us for a copy of relevant safeguards. Redactions may apply.

​

10) Data retention

We keep your data only as long as necessary for the purposes above, including to meet legal, accounting and reporting requirements. Typical retention:

• Bookings and related records: 6–7 years for tax or contract

• Marketing preferences and communications: until you opt out or your consent is withdrawn, plus a short suppression period to respect your choice

• Cookies or analytics: per cookie lifespan and analytics settings

We will securely delete or anonymise data when no longer needed.

​

11) Security

We apply administrative, technical and physical measures to protect personal data, including access controls, encryption in transit, secure configurations, staff training and audits. No system is 100% secure. We maintain and test safeguards and act on suspected incidents.

​

12) Your rights (UK GDPR)

You have rights over your personal data, including to:

• Access a copy of your data

• Rectify inaccurate or incomplete data

• Erase data where applicable

• Restrict or object to certain processing, including profiling based on legitimate interests or direct marketing

• Data portability for information you provided to us with consent or contract as the basis

• Withdraw consent at any time. This will not affect prior processing

• Complain to the ICO. See below

To exercise your rights, contact us using the details above. We may request proof of identity. We respond within one month. Extensions may apply in complex cases.

​

13) Children

Our services are not directed to children under 13. We only process a child’s data for travel when provided by, and with the consent of, a parent or guardian, or as required to perform the contract for family bookings.

​

14) Automated decision-making

We do not make decisions producing legal or similarly significant effects solely by automated means. If this changes, we will let you know and explain your rights.

​

15) Links and social plug-ins

Our site may link to third-party websites or include social plug-ins. Those services are governed by their own privacy notices and terms. We are not responsible for their practices. Please review their policies.

​

16) Monitoring & quality assurance

We may monitor calls, emails and messages for training, compliance and service quality, and to investigate fraud or security issues, in line with applicable laws.

​

17) How to complain

If you are unhappy with how we handle your data, please contact us first so we can put things right. You also have the right to complain to the UK Information Commissioner’s Office (ICO):
ico.org.uk | 0303 123 1113 | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

​

18) Changes to this policy

We may update this policy to reflect changes in law or our practices. We will post the new version here and update the Last updated date. Material changes may also be notified by email or on our website.

Contact: Natalie Whitcombe — hello@hytheandseektravel.co.uk