Privacy Policy | Walk Your Way

Privacy Policy
Walk Your Way Limited

1. Who We Are

Walk Your Way Limited (Company Number: 16810136), referred to as "We," "Us," or "Our," acts as the Data Controller of your personal data. This means we determine how and why your personal data is processed.

Our registered address is 82a James Carter Road, Mildenhall, Bury St Edmunds, IP28 7DE. We are registered with the Information Commissioner's Office (ICO), registration number: ZC033667.

2. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you:

Identity Data: Name, marital status, title, date of birth, and gender.
Contact Data: Billing address, delivery address, email address, and telephone numbers.
Financial Data: Bank account details (for bank transfers) and payment card details (we do not store these details ourselves - we use Stripe as our payment provider).
Transaction Data: Details about payments to and from you and other details of the trips you have booked with us.
Profile Data: Your booking preferences, feedback, and survey responses.
Special Category Data: Any dietary requirements, allergies, or health details you provide us that are relevant to your trip. We only process this data with your explicit consent and strictly for the purpose of fulfilling your booking (e.g., passing on to accommodation providers).
Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, and operating system.

3. How We Collect Your Data

We use different methods to collect data from and about you, including:

Direct Interactions: You provide us with your Identity, Contact, and Financial Data when you:
- Request a proposed itinerary.
- Make a booking for a trip.
- Complete a post-trip feedback form.
Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical Data about your equipment and browsing actions. We collect this data using cookies, server logs, and other similar technologies.
Third Parties: We may receive Transaction and Contact Data from our third-party payment provider, Stripe.

4. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we use your data on the following lawful bases:

To register you as a new customer
- Data Used: Identity, Contact
- Lawful Basis: Performance of a Contract
To process and deliver your booking (accommodations, transfers)
- Data Used: Identity, Contact, Financial, Transaction, Special Category Data
- Lawful Basis: Performance of a Contract and Legitimate Interest (to run our business)
To manage payments, fees, and charges
- Data Used: Financial, Transaction
- Lawful Basis: Performance of a Contract and Necessary for compliance with a legal obligation
To send you trip-related communications
- Data Used: Identity, Contact
- Lawful Basis: Performance of a Contract
To send you marketing material (if you opt-in)
- Data Used: Identity, Contact
- Lawful Basis: Consent (you can withdraw this at any time)
To use anonymised feedback for marketing
- Data Used: Profile Data
- Lawful Basis: Legitimate Interest (to promote our business)

5. Disclosure of Your Personal Data

We may share your data with the following parties:

Suppliers: We must share your Identity Data, Contact Data, and Special Category Data with the suppliers necessary to deliver your trip, including accommodation providers, baggage transfer companies, and local transport operators.
Payment Processors: We use Stripe to handle card payments. Stripe securely handle and process your credit card payments on our behalf.
Travel Trust Account Provider: We must share basic details of your booking (booking reference number, your name, departure date, return date and the value of your booking), with the administrators of the travel trust account - Serenity Travel Trusts - which is used to hold your payments securely until your trip is complete.
Regulators: The ICO and other regulators where we are legally required to do so.

6. Data Security and Retention

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.