top of page

Privacy Policy

Effective Date: [June, 2025]
Last Updated: [June, 2025]

Hybrid Vacations (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services or interact with us, in accordance with the UK GDPR and EU GDPR.

​

1. Who We Are

Hybrid Vacations is an independent travel agency offering custom travel and sports vacation packages. We act as a data controller when processing your personal data.

If you have any questions about this Privacy Policy, please contact us at:
Email: [Support@hybridvacations.com]

​

2. What Data We Collect

We may collect and process the following personal data:

  • Identification details (e.g. full name, date of birth, passport details)

  • Contact information (e.g. email address, phone number, home address)

  • Booking information (e.g. travel preferences, camp registration details)

  • Payment details (e.g. billing address, last four digits of your card – payment processing is handled securely by third parties)

  • Health or accessibility requirements (only when necessary for travel arrangements)

  • Marketing preferences (e.g. email subscription status)

​

3. How We Collect Your Data

We collect your personal data when you:

  • Register or book a camp or travel package

  • Submit a travel quote request

  • Communicate with us via email, forms, or social media

  • Subscribe to our newsletters or marketing

  • Visit our website (cookies may apply – see Section 8)

 

4. Why We Use Your Data

We use your personal data for the following purposes:

  • To process and manage your bookings and travel arrangements

  • To provide you with a personalised travel quote

  • To communicate important updates, such as changes to itineraries or services

  • To respond to your enquiries and support requests

  • To send you relevant marketing communications (if you opt in)

  • To comply with legal and regulatory obligations

 

5. Legal Basis for Processing

Under GDPR, we rely on one or more of the following lawful bases:

  • Contract: Processing is necessary for the performance of a contract (e.g. to deliver your travel booking)

  • Consent: You have given clear consent for us to process your data (e.g. for marketing)

  • Legal obligation: We are legally required to keep certain records

  • Legitimate interests: To operate and improve our services, provided your rights are not overridden

 

6. Data Sharing

We only share your data when necessary, including:

  • With travel partners and suppliers (e.g. airlines, hotels, camps) to fulfil your bookings

  • With payment processors to complete transactions

  • With IT and service providers who help operate our business securely

  • If required by law or government authorities

We never sell your data to third parties.

 

7. International Data Transfers

Some of our travel service partners may be located outside the UK or EU. When this is the case, we ensure appropriate safeguards are in place (e.g. standard contractual clauses) to protect your data under GDPR standards.

 

8. Cookies and Website Tracking

We use cookies to enhance your experience on our website. Cookies may collect non-personal data such as device information, browser type, and browsing behaviour.

You can control or disable cookies through your browser settings. For more details, please see our [Cookie Policy] (if you have one).

 

9. Data Retention

We only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

Typically:

  • Booking records: kept for 6 years

  • Marketing data: until you unsubscribe

  • Inactive enquiries: deleted after 12 months

 

10. Your Data Rights

You have the following rights under UK and EU GDPR:

  • Access – Request a copy of your personal data

  • Correction – Request correction of inaccurate data

  • Erasure – Request deletion of your data

  • Restriction – Ask us to limit how we use your data

  • Objection – Object to processing for direct marketing or legitimate interests

  • Data portability – Request data transfer to another service provider

To exercise these rights, contact us at [Insert Email].

 

11. How We Protect Your Data

We use appropriate technical and organisational measures to safeguard your personal data, including:

  • Secure servers and encrypted systems

  • Limited access to authorised personnel

  • Regular review of data practices

 

12. Complaints

If you have concerns about how we handle your data, please contact us first so we can resolve it. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/

 

13. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on our website with the effective date clearly marked.

​

bottom of page