Privacy policy
Your privacy is important to us and we are committed to ensuring that your personal data is protected.
- Background and Scope
- Who we are
- What Personal Information Do We Collect
- What Do We Do With The Information We Gather
- Who Else May See Your Data
- Using Your Information In Accordance With Data Protection Laws
- Children And Other Travel Companions
- Marketing Lists
- Is personal information transferred overseas?
- Where We Store Your Personal Data
- Data Security
- How Long We Keep Your Information
- Your Rights in relation to the personal information we collect
- Feedback / Complaints / Subject Access Requests / Contact
- Links To Other Websites
- How We Use Cookies
- Changes To This Privacy Policy
1. Background and Scope
This privacy notice sets out how we use and protect any personal data that you give us in person, via email, phone or that we collect when you use this website (www.scottdunn.com) or our app. This notice is limited to the personal information which we collect and use about you.
Third parties, including those who operate websites which we link to in our site or app, may collect and use other information about you, and if you want to find out about what data they collect and how they use it you should refer to their privacy notice.
We will never misuse or sell your data to anyone. We ensure any data we hold is stored securely using various physical, electronic and procedural safeguards.
Should we ask you to provide personal data when using our services or our website or app, then you can be assured that it will only be used in accordance with this privacy notice.
We may change this notice from time to time by updating this page and you should check this page to ensure that you are happy with any changes. This notice is effective from 25 March 2024.
2. Who We Are
We are Scott Dunn ("Scott Dunn", "We", "Us"). We are a group of companies specialising in tailor-made and luxury holidays around the world and together we operate the website and app. For the purposes of the General Data Protection Regulation 2016/679 (“GDPR”) and other similarly situated legislation we are a “data controller” (or equivalent) for the processing of personal information you provide to us in connection with services we provide. Our group is comprised of the following companies:
United Kingdom (company registered in England and Wales)
Scott Dunn Limited (registration number 2021650)
Mindspace Hammersmith, 1 Butterwick, London, W6 8DL
United States
Scott Dunn USA Inc.
San Diego, California
420 North Cedros Avenue, Suite 102, San Diego, CA 92075, United States
New York, New York
114 W 41st, 4th Floor, New York, NY 10036, United States
Singapore
Scott Dunn Singapore PTE Ltd.
Raffles City Tower #15-02(A), 250 North Bridge Road, Singapore 179101
3. What Personal Information Do We Collect
Personal data refers to any information related to an identified or identifiable individual. This includes any details that can directly or indirectly identify a person, such as names, email addresses, location data, or online identifiers.
Special category data, also known as sensitive data, includes details about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health information, sexual orientation, or sexual life.
We collect and use ("process") your personal data when you use our website and our mobile application, register with us, complete a booking form, fill response cards, subscribe to mailing lists, enter competitions, participate in market research and when you contact us online and offline. This information includes:
3.1 Information you give us.
Personal Data:
- Contact information (such as name, date of birth, contact information, address;
- Passport details, nationality;
- subscription and demographic information such as preferences, interests, age and family information;
- information relating to your holiday such as reviews, blogs, image or video uploads, questionnaire data, holiday enquiries and brochure or marketing request;
- information relating to quoting and booking a travel service, including destinations, countries and products you are interested in, information regarding family and travel companion(s) such as names, addresses, emergency contacts, special service needs, passport information, dates of birth, insurance information, visa information, nationality, frequent flier program membership details, flight details (in the event that flights are not booked with us) and country of residence;
- information you freely give us to set up a honeymoon list service;
- information you give us when you complete surveys, participate in competitions, give feedback, take advantage of offers, take part in market research, fill in forms on our site or mobile app, correspond with us and when you make complaints;
- any other information that you voluntarily give us that is relevant to travel planning or feedback.
3.2 Information we collect about you.
We may automatically collect the following information when you use our site, our app or when you access our marketing information or contact us by email, online enquiry or phone:
- browsing information (including the manner in which you navigate our website and your booking journey), referral information, purchase and search history; the domain and IP address that your computer uses to connect to the internet;
- information about your computer or device (such as the screen resolution and type of device, e.g. Mac or Windows), browser type, operating system, internet connection, referral information;
- telephone information including phone numbers, call duration and call recordings for incoming calls;
- transcripts of conversations over and records of details you complete through our online enquiry forms;
- details such as your username when you interact with us on social media (e.g. you tag us or mention us in a post).
- Publicly available information we may collect from external publicly available sites if you are applying to join our exclusive membership only club.
3.3 Information provided to us by or collected from third parties.
We may collect the following information from third parties:
- the information mentioned in section 33.1 of this notice (above) which is provided to us by your family members, travel companions or other persons who manage your travel arrangements;
- we update address information from the Royal Mail "Change of Address" file;
- Google Analytics provides us with information about your visit to our website. This covers session information, length of visits, repeat visits, page interaction information (such as clicks and mouse movements), and search terms which lead you to our website;
- contact details given to us by partners who have run competitions for Scott Dunn products.
4. What Do We Do With The Information We Gather
We use information held about you in the following ways:
- to tailor trips to you and your travel companions;
- to book the travel services you have booked through our travel partners globally;
- to book flights on your behalf and on behalf of your travel companions;
- to send you travel related documentation such as booking confirmations;
- to maintain contact with you during the booking process;
- to send you newsletters and/or marketing information if you make an enquiry or booking with us OR if you consent;
- to maintain our records and audit our business;
- to comply with regulatory requirements and requests for information received from regulators and competent authorities;
- to train our staff and improve our business, products and services;
- to market our business on third party websites;
- to contact you for market research purposes;
- to personalise and customise the content of our website according to your interests;
- to tailor the content of our marketing to you;
- to retain factual information which can be relevant to resolving disputes;
- to prevent and to assist in the detection of crime;
- to maintain and communicate with you about your account with us;
- to provide you with services you request from us and to otherwise enter into and perform contracts with you, including providing customer support;
- to administer and improve our site and app, including ensuring that online content is presented to you in the most effective and/or personalised manner, remembering your preferences and allowing you to participate in interactive features;
- to maintain and improve the integrity and security of our systems and data;
- to measure the effectiveness of marketing;
- to carry out market research.
5. Who Else May See Your Data
We may share your information, only to the extent that such sharing is necessary for achieving the purposes listed above, with the following third parties:
- Travel businesses for the purpose of providing our services to you, namely local ground operators, airlines, hoteliers, transport companies, car hire companies and other travel companies involved in delivering the services we provide you.
- Google, Meta and DotDigital and other providers of marketing services for the purpose of marketing our business.
- Data analytics service providers such as Google (using Google Analytics), for the purpose of improving our customers' experience and targeting advertising.
- Cloud storage providers for storage of electronic documents and information, including Mimecast which is an email back up service.
- Delivery companies PurePrint and Bespoke-ly are engaged for delivery of direct mail and gifts and as such will receive only minimum required information to carry out this activity.
- Competent authorities in jurisdictions you may be travelling to where this is required to comply with applicable laws and regulations. Advanced Passenger Information (API) is required by many countries prior to arrival (or departure). API information includes personal identity information such as name, passport details, visa information, nationality, transit and destination data. Airlines and transport companies are required to transmit this information by law and data entry is requested at the time of ticket issue. To comply with these regulations we pass the relevant information to the transport companies who transmit the information to the relevant authorities.
- Companies within our group, meaning our subsidiaries, our ultimate holding companies and their subsidiaries, which we share our operations with. Sub-contractors engaged by us for the purpose of operating our business and delivering our services. These may include providers of technology services such as providers of hosting, IT and web services.
- Law enforcement or fraud prevention agencies, as well as our legal advisers, courts and any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters, and to ensure the safety of others and the property of others.
- Prospective purchasers and purchasers of our business or assets for the purpose of considering the prospective sale of our business or assets and for carrying on the business.
- Our legal advisors and the courts for the purpose of enforcing our rights.
6. Using Your Information in Accordance with Data Protection Laws
Data protection laws require that we meet certain conditions before we are allowed to collect or use your data in the manner described in this privacy notice. To use your personal data, we will rely on one of the following conditions, depending on the purpose for which we use your data:
Necessity for entering into / performing contracts with you: When we agree to provide you with a service which you request from us a contract is formed between you and us. In order to enter into and perform this contract we will need to process certain data. Failure to provide the requisite personal information will unfortunately mean we cannot provide our products to you. You cannot object to our use of personal data which is necessary for entering into or performing a contract with you.
Consent: We may provide you with certain marketing information about our services/products or those of a third party where you have provided your consent for us to do so. You may withdraw your consent at any time. Please note that we may send you marketing information without your consent about services/products which are similar to those we previously supplied to you or which we previously negotiated about, provided that in such cases you have an absolute right to object to/opt out of receiving further marketing information.
Explicit consent: When we are collecting special category data such as health data or meal preferences which can reveal religious and/or philosophical beliefs, we will seek your explicit consent before collecting such data.
Necessity for compliance with legal obligations which apply to us: We collect and process the contact information of other persons who you request that we provide our services to so that we can communicate this privacy notice to them in compliance with our legal obligations under data protection law. We also keep a list of individuals who have objected to us sending them marketing information so that we are able to ensure that we respect their right to do so by not sending them any further marketing communications.
Necessity for our legitimate interests or the legitimate interest of a third party: To use your personal data for any other purpose described in this privacy notice, we will rely on a condition known as "legitimate interests". In order to do so we must be able to show that we have a specific legitimate interest for which it is necessary that we process your personal data, and that your interests, fundamental rights and freedoms do not override our relevant legitimate interest. This requires that we carry out a balancing exercise which is detailed below:
Legitimate business interest pursued
We have a legitimate interest in:
- providing our services, effectively and efficiently (e.g. we rely on this legitimate interest when we process data about travel companions of the person making bookings with us since we can only rely on the necessity for performing a contract condition mentioned above to process data about individuals we have a contract with);
- using your details to service enquiries effectively and efficiently;
- using your details to contact you when you have interacted with us previously e.g. if you contact us over social media, to return a phone call or follow up with you after you have travelled;
- operating our website and app in an efficient, effective and user friendly manner;
- improving our services;
- promoting our business and services including by sending magazine, newsletters and organising competitions;
- effectively operating and managing our business in an organised manner;
- maintaining and improving the integrity and security of our systems and data that we hold;
- enabling and assisting businesses and persons involved in the provision of services you request, such as airlines, hoteliers and transport companies, to comply with their legal and regulatory obligations;
- ensuring that we are able to demonstrate that we comply with applicable laws and regulations;
- cooperating with competent authorities, including in the detection and prevention of crime.
In order to provide our services we may also, on occasion, need to process sensitive personal data. This is likely to be limited to information relating to your health for the purpose of providing special services you request, managing dietary requirements and arranging for insurance.
For us to use this data, data protection laws require that we meet additional conditions (apart from the ones listed above). We process sensitive personal data about you only if we are able to satisfy one of the following conditions:
- Explicit consent: When you have explicitly consented to us processing the sensitive data for a specific purpose. You can withdraw consent at any time.
- Necessity to protect your vital interests when you are unable to give us consent: In a situation where the consent obtained by us does not cover a form of data processing which is required to safeguard your vital interests, we will rely on this condition. This may be applicable, for example, where we need to share data with a third-party provider of medical services where the consent you have given us does not cover such sharing.
7. Children and Other Travel Companions
This privacy notice also applies to children and others on whose behalf you request our services.
As it is not always possible for us to deal with such individuals personally, we need to rely on the assumption that you have parental guardianship, where the individual is a child or have a right or consent to share their personal data with us, if they are an adult. Where you ask us to send booking information directly to another person on whose behalf you make a booking, we will send that person a copy of this privacy notice. However, in all other cases, we need you (if you are making the booking) to communicate this privacy notice to all individuals whose personal data you provide to us as we are not able to do so directly.
We do not accept responsibility for the processing of personal data of individuals who have not been informed about this processing due to your failure to share this privacy notice with them. We encourage you to explain the contents of this privacy notice to any children who you ask us to provide our services to, and we would be happy to do so ourselves if they contact us.
8. Marketing Lists
We keep a list of individuals who request our services, with their contact details, so that we can send them information about similar products and services we provide. Any person included in this list can, at any time, instruct us to stop sending them such information. Every marketing communication from us will also contain an explanation of how individuals can stop receiving similar communications.
We do not market to children and under no circumstances will persons that we believe to be under the age of 18 be knowingly added to our marketing list.
9. Is personal information transferred overseas?
We may disclose your personal information to certain overseas recipients, as set out below. We will ensure that any such international transfers are either necessary for the performance of a contract between you and the overseas recipient or are made subject to appropriate or suitable safeguards as required by your local data protection laws (e.g. GDPR, China cybersecurity law, etc.).
It is possible that information will be transferred to an overseas recipient (other than any of our overseas related entities) located in a jurisdiction where you will not be able to seek redress under your local data protection laws and that does not have an equivalent level of data protection as in your jurisdiction. To the extent permitted by your local data protection laws, we will not be liable for how these overseas recipients handle, store and process your personal information.
- Our Overseas related entities. Scott Dunn is headquartered in UK but has entities in US and Singapore. Your personal information may be disclosed to our overseas related entities in connection with facilitation of your travel booking and/or to enable the performance of administrative, advisory and technical services, including the storage and processing of such information.
- Travel service providers located overseas. In providing our services to you, it may be necessary for us to disclose personal information to relevant overseas travel service providers. We deal with many different travel service providers all over the world, so the location of a travel service provider relevant to your personal information will depend on the travel services being provided. The relevant travel service providers will in most cases receive your personal information in the country in which they will provide the services to you or in which their business or management is based.
- Our third-party service providers are located overseas. We may also disclose your personal information to third parties located overseas for the purpose of performing services for us, including the storage and processing of such information. Generally, we will only disclose your personal information to these overseas recipients in connection with facilitation of your travel booking and/or to enable the performance of administrative and technical services by them on our behalf.
10. Where We Store Your Personal Data
Due to the nature of our business, your personal data may be transferred outside the European Economic Area to our carefully selected suppliers in order for us to provide you with the services you enquire about and book through us. Data protection and privacy regulations in some of these countries do not require the same high level of protection for personal data as that provided in the EEA. As per our obligations under data protection laws we will take all necessary steps to ensure such data transfers are compliant. We transfer your personal data on the basis that this is necessary for us to enter into and fulfil our contract with you.
11. Data Security
Data security is of the utmost importance to us, and we are committed to ensuring the information we collect from you is secure. In order to prevent unauthorised access or disclosure, we have put in place physical, electronic and managerial procedures to safeguard and secure the information we collect online and offline.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site/your account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
12. How Long We Keep Your Information
We will only retain personal data for as long as is required for the purpose for which we collected it.
Different retention periods apply to different items of information. For example, we retain your contact details and preferences for a period of seven years from your last enquiry or booking to ensure the best possible service on future bookings. However, credit card payment details are deleted once payments have been made.
If you would like more information about the specific retention periods, please contact our Data Protection Officer and Privacy team using the contact details provided below (see section 14 x).
Once the relevant retention period expires, the data and all copies of it will be deleted or physically destroyed, safely and securely.
13. Your Rights in Relation to the Personal Information We Collect
If you wish to make a Subject Access Request to:
- access, update, modify, rectify, erase, object to, or obtain a copy of the personal information that we hold on you; or
- restrict or stop us from using any of the personal information which we hold on to you, including by withdrawing any voluntary consent you have previously given to the processing of such information; or
- where any personal information has been processed on the basis of your consent or as necessary to perform a contract to which you are a party, request a copy of such personal information in a suitable machine-readable format or have that personal information transmitted by us to another controller,
you can request this by contacting us as set out in section 14 below. You will receive acknowledgement of your request.
We endeavor to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests or as otherwise permitted by applicable law.
We reserve the right to deny you access for any reason permitted under applicable laws. Such exemptions may include national security, corporate finance and confidential references. If we deny access or correction, we will provide you with written reasons for such denial unless it is unreasonable to do so and, where required by local data protection laws, will note your request and the denial of same in our records.
You have the right to lodge a complaint with a relevant supervisory authority.
Further correspondence regarding your request should only be made in writing to the Data Protection Officer and Privacy as set out in section 14 below.
Please note that, if you request that we restrict or stop using personal information we hold on you or withdraw a consent you have previously given to the processing of such information, this may affect our ability to provide services to you or negatively impact the services we can provide to you.
You must always provide accurate information and you agree to update it whenever necessary. You also agree that, in the absence of any update, we can assume that the information submitted to us is correct, unless we subsequently become aware that it is not correct.
You can at any time tell us not to send you marketing communications by email by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below (section14).
In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of personal information.
To the extent permissible by law, we reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal information, and for any additional copies of the personal information you request from us.
14. Feedback / Complaints / Subject Access Requests / Contact
You can direct any questions or complaints about the use or disclosure of your personal information to the contact information below.
Wherever you are in the world, if you wish to make a Subject Access Request to inform us of a change or correction to your personal information, request a copy of the information we collect on you, request deletion of your information or would like to restrict the further processing of your data, please use the Subject Access Request link in the table below. We will respond to these requests within the time period required by the applicable jurisdiction.
- Global Subject Access Requests: Submit a request
Similarly, if you have any enquiries, comments or complaints about this Notice or our handling of your personal information, please contact your consultant or the Chief Privacy Officer using the details set out below and we will respond as soon as practicable.
- Region / Business: Americas
- Email dataprotection@scottdunn.com
- Postal Address: Chief Privacy Officer, 5 Paragon Drive, Suite 200, Montvale, NJ 07645
- Region / Business: Asia
- Email: dataprotection@scottdunn.com
- Postal Address: Chief Privacy Officer, 30 Cecil Street, #22-01/08, Prudential Tower, Singapore, 049712
- Region / Business: Europe & the Middle East
- Email: dataprotection@scottdunn.com
- Postal Address: Chief Privacy Officer, Flight Centre (UK) Limited 4th Floor, 120 The Broadway, Wimbledon, London, SW19 1RH
15. Links To Other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the security and privacy of any information which you provide whilst visiting third party sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy notices applicable to the website in question.
16. How We Use Cookies
A cookie is a small text file that is stored on your computer or other device when you visit a website. They are very widely used in order to make websites function properly, or more efficiently, as well as provide information to the owners of the site.
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages people find useful and which not. A cookie in no way gives us access to your computer or any personal information about you, other than the data you choose to share with us. We use cookies to collect information about your usage of our website. This helps us to give you the best possible user experience.
Third party vendors, including Google, show our adverts on sites on the internet and use cookies to serve adverts based on a user's prior visits to our website. Users may opt out of Google's use of cookies by visiting the Google advertising settings page.
If you do not consent to the use of cookies, please ensure that your browser or computer/device is set to reject cookies or prompt you before accepting third party cookies. Not consenting to the use of cookies may prevent you from taking full advantage of the website.
For more information about the cookies we use, please read our cookie policy.
17. Changes To This Privacy Notice
Any changes to this privacy notice in the future will be posted on this page and we will take all measures necessary to communicate any changes to you. Please check back frequently to see any updates or changes to this privacy notice.
This Privacy Notice was last updated on 14 May 2024.