Fair Processing Notice
Our Fair Processing Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).
The Fair Processing Notice will become effective from 9th May 2018.
1.1 We take your privacy seriously and you can find out more here about your privacy rights and how we gather, use and share your personal information – that includes the personal information we already hold about you now and the further personal information we might collect about you, either from you or from a third party. How we use your personal information will depend on the products and services we provide to you.
1.2 Our Data Protection standards in the UK provide help and guidance to make sure we apply the best standards to protecting your personal information. Please write to us if you have any questions about how we use your personal information. See section 3 Your Privacy Rights for more information about your rights and how our DPO can help you.
1.3 This Privacy Notice provides up to date information about how we use your personal information and will update any previous information we have given you about using your personal information (also referred to as personal data). We will update this Privacy Notice if we make any significant changes affecting how we use your personal information, and if so we will contact you to let you know about the change.
2. About us
We are what is known as the 'controller' of personal information we gather and use. When we say 'we' or 'us' in this Privacy Notice, we mean CSE PLC is authorised by the IATA licence we hold. This licence is reviewed annually by the IATA licencing board. By holding this lisence we have to conform to very high regulatory standards as set out by IATA (for further information about the IATA licencing regulations please visit www.IATA.org).
If you are a customer of CSE Plc, you are legally insured against any third party such as an airline or travel operator going into administration.
3. Your privacy rights
3.1 You have the right to object to how we use your personal information. You also have the right to see what personal information we hold about you. In addition, you can ask us to correct inaccuracies, delete or restrict personal information or to ask for some of your personal information to be provided to someone else.
You can make a complaint to us by finding the best way to be in touch via the details on our website: You can also make a complaint to the data protection supervisory authority, the Information Commissioner's Office, at https://ico.org.uk. To make enquires for further information about exercising any of your rights in this Privacy Notice please contact our offices by post at CSE PLC, Alexander Stadium, Walsall Road, Birmingham, West Midlands, B42 2LR, England.
4. What kinds of personal information we use
4.1 We use a variety of personal information depending on the products and services we deliver to you. For all products and services, we need to use your name, address, contact details and information to allow us to check your identity and information. For some products and services we may need additional information, for example travel insurance, if so requested:
- health details for certain insurance products or to support vulnerable customers.
4.2 Sometimes where we ask for your personal information needed to enter into a contract with you or to meet a legal obligation (such as a credit check), we will not be able to provide some products or services without that personal information.
4.3 All UK companies are required by law to state where and how cash funds have been collected before such funds can be banked. Under our much tighter regulations, we are now obliged to provide adequate proof that cash payments have come from a legitimate source which is mandatory under the banking constitutional laws within the UK. As such we will not be able to accept cash payments without signed documentation from the individual for or on behalf of the organisation or federation they represent. In this instance it may be necessary for you to make a legal declaration and submit your personal contact details as well as the head of your organisation in case further clarification is required by our bank. We would therefore require you to complete further details, such as the official address of your organisation, email address, telephone number, fax number and the reason for the cash payment i.e. payment for hotel accommodation at a specific event and in which currency it was paid. A copy of this declaration would be passed to our bank and a copy would be kept on file.
5. How we gather your personal information
We obtain personal information:
- directly from you, for example when you fill out an application or booking form;
- by observing how you use our products and services, or those of other members of our company, for example from the operation of your requests and how we best fulfil such requisite services, in the interests of best practice.
- from other organisations such as credit reference and fraud prevention agencies;
- from other people who know you professionally and people you are linked to financially.
We also may obtain some personal information from monitoring or recording calls and when we use CCTV. We will record or monitor phone calls with you for regulatory purposes, for training and to ensure and improve quality of service delivery, to ensure safety of our staff and customers, and to resolve queries or issues. We also use CCTV on our premises to ensure the safety and security of our staff.
6. How we use your personal information
To provide you with any products and services we need to know your name, address, date of birth, details of your current and previous countries of residence/citizenship, and a copy of identification documents (such as a passport or driving licence). We might also need health information to help support our customers who have a vulnerability.
We sometimes need to gather, use and share additional personal information for specific purposes, which are set out in more detail below.
6.1 To operate and administer our products and services, including dealing with your complaints and fixing our mistakes, we will use:
6.2 To administer payments to and from you, we will use:
6.3 To make credit decisions about you (including new applications for credit or requests to increase credit limits) we will use:
6.4 To advise on the suitability of our services and/or our company liability insurance to provide cover for you, we will use:
6.5 To comply with our legal obligations, to prevent financial crime including fraud and money laundering we will use:
6.6 To comply with our legal obligations, to support our vulnerable customers:
7. Our legal basis for using your personal information
7.1 We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
a. we have your consent (if consent is needed);
b. we need to use the information to comply with our legal obligations;
c. we need to use the information to perform a contract with you; and/or
d. it is fair to use the personal information either in our interests or someone else's interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services, market to you, or collaborate with others to improve our services.
Where we have your consent, you have the right to withdraw it. We will let you know how to do that at the time we gather your consent. See section 12, clause 12.2 for details about how to withdraw your consent to marketing.
7.2 Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:
a. we have a legal obligation to do so (for example to protect vulnerable people);
b. it is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises);
c. it is in the substantial public interest;
d. it is necessary for the prevention or detection of crime;
e. it is necessary for insurance purposes; or
f. you have specifically given us explicit consent to use the information.
8. Sharing your personal information with or getting your personal information from others
8.1 We will share personal information within our company and with others outside of CSE PLC (such as hotels/transportation companies) where we need to do that in order to make accommodation and transportation services available to you, market products and services to you, meet or enforce a legal obligation or where it is fair and reasonable for us to do so. We will only share your personal information to the extent needed for those purposes but this is done on a ‘need to know’ basis only.
8.2 Who we share your personal information with depends on the products and services we provide to you and the purposes we use your personal information for. For most products and services we will share your personal information with our own service providers such as our IT Suppliers, with credit reference agencies and fraud prevention agencies.
8.3 Most of the time the personal information we have about you is information you have given to us or gathered by us in the course of providing products and services to you. We also sometimes gather personal information from and send personal information to third parties where necessary for credit checking and fraud prevention or marketing purposes, for example so you can receive the best offers from us and our partners.
9. Transfers outside the UK
9.1 We may need to transfer your information outside the UK to other Group companies, service providers, travel agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the European Economic Area, such as the USA.
10. How long we keep your personal information for
10.1 How long we keep your personal information for depends on the products and services we deliver to you. We will never retain your personal information for any longer than is necessary for the purposes we need to use it for.
11. Keeping you up to date
11.1 We will communicate with you about products and services we are delivering using any contact details you have given us - for example by post, email, text message, social media, and notifications on our app or website.
11.2 Where you have given us consent to receive marketing, you can withdraw consent, and update your marketing preferences by visiting a branch or calling us directly. For contact details, visit our website: www.cseplc.com. You can also update your contact preferences by calling us directly on + 44 (0) 121 647 4090 or by fax: +44 (0) 121 647 4999.
12. Your online activities