Privacy Statement

Impala Customer Privacy Policy

We are Impala Travel Technology Limited (referred to as "Impala", "we", "us" or "our" in this privacy policy) are incorporated and registered in England and Wales with company number 10098314 whose registered office is at 86-90 Paul Street, London, England, EC2A 4NE (Supplier). This policy sets out the basis on which any personal data we collect will be processed by us as a data controller. We act as a data controller when we determine how and why personal data is processed (e.g. when you make contact with us via our website). In this privacy policy, references to 'you' or 'your' is to you as an individual.

In some circumstances, Impala processes consumer personal data of people making travel bookings, we refer to this group of people as "end users". We process end user data as a data processor on behalf of our customers. We act as an intermediary in relation to the facilitating, creating and managing of bookings with hotel suppliers and in those circumstances, we process end user identity information, contact information and financial information for the purposes of facilitating bookings. In those circumstances, our customer (the company offering travel services to end users) is the data controller in respect of end user personal data. For more information about how they process personal data as a data controller, please see their privacy policy.

Please read this privacy policy carefully to understand our views and practices and your rights regarding your personal data. By visiting our website, using our services, or by otherwise providing us with your personal information, it will be processed as described in this policy.

What information do we collect from you?

Personal data, or personal information, means any information about an individual from which that person can be identified.

We will collect and process the following data about you:

• Information you give us. This is information about you that you give us by filling in forms on our site or through our API (application programming interface), or by corresponding with us by phone, email or otherwise. The information you give us may include your name, job title, profession and company name, address, email address and phone number. We will also collect any relevant financial information to facilitate payment.

• Information we collect from your use of our website and services. With regard to each of your visits to our site we will automatically collect the following information and may use cookies or similar technologies to do so:

  • technical information, such as the Internet protocol (IP) address used to connect your device to the Internet, whereabouts you connected to our service, your internet service provider (ISP), your operating system, which other websites referred you to us and the site you exit us to, and what type of device you are using to access our service; and
  • analytics information, such as what parts of our services or website you access and interact with and any referring sites that directed you to our website.

Why do we collect this information?

We process your personal information for the following reasons:

• Pursuant to a contract in order to:

  • process information at your request to take steps to enter into a contract and facilitate bookings;
  • process payments;
  • resolve service issues; and
  • send service communications so that you receive a full and functional service and so we can perform our obligations to you.

• On the basis of your consent :

  • Where we rely on your consent for processing this will be brought to your attention when the information is collected from you; and
  • We will contact you with direct marketing communications if you consent to us doing so and you have the right to withdraw consent at any time. See the What are your rights? section below for more information.

• In our legitimate interests of providing the best services to you and improving and growing our business we will process data for the purpose of:

  • providing you with a personalised service;
  • improving our website, our API and our services;
  • keeping our site and systems safe and secure;
  • understanding the effectiveness of our marketing;
  • understanding market trends; and
  • defending against or exercise legal claims and investigate complaints.

You have the right to object to processing carried out for our legitimate interests. See the What are your rights? section below for more information.

• To comply with legal requirements relating to:

  • the provision of the services;
  • data protection;
  • anti-money laundering or fraud;
  • health and safety;
  • assisting law enforcement; and
  • any other legal obligations placed on us from time to time.

How long do we keep hold of your information?

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any applicable legal, regulatory, tax, accounting or reporting requirements. In the event of a complaint or if there is a prospect of litigation regarding our relationship or dealings with you, we may retain your personal data for a longer period.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data (and whether we can achieve those purposes through other means) and the applicable legal, regulatory, tax, accounting or other requirements. Personal data is not typically stored for longer than 6 years after the end of our relationship with you.

Who might we share your information with?

For the purposes set out in the 'Why do we collect this information?' section above, we will share your personal information with the following categories of third parties, some of whom we appoint to provide services, including:

• suppliers and sub-contractors for the performance of any contract we enter into with you, this includes service providers who provide IT and system administration services and IT service providers we use to host or maintain our website and digital services;
• analytics providers that assist us in the improvement and optimisation of our website and service; and
• service providers who provide marketing services or CRM (customer relationship management) software.

We will provide your personal information to third party travel service providers (e.g. hotels) as part of the service that we offer. They will process your personal data as a controller and you should consult their privacy policy in relation to their processing of your information.

Additionally, we will disclose your personal information to a third party:

• If we are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our customers, our regulator, or others.

How is your data stored and kept secure?

At Impala Travel Technology Limited, we take your safety and security very seriously and we are committed to protecting your personal and financial information. All data collected will be protected by suitable security procedures. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website or service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

International Transfers

Many of our external third parties (including hotel suppliers) are based outside the UK so their processing of your personal data will necessarily involve a transfer outside the UK.

When we transfer your personal data outside the UK, we will only do so if adequate protection measures are in place in compliance with data protection legislation. More information is available by contacting us.

What are your rights?

Where processing of your personal data is based on consent, you can withdraw that consent at any time.

You have the following rights. You can exercise these rights at any time by emailing us at privacy@impala.travel. You have the right to:

• withdraw consent, where personal data is processed on the basis of your consent;
• ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes;
• ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
• ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest;
• request from us access to personal information held about you;
• ask for the information we hold about you to be rectified if it is inaccurate or incomplete;

• to ask for data to be erased provided that:

  • the personal data is no longer necessary for the purposes for which it was collected;
  • you withdraw consent (if the legal basis for processing is consent);
  • you exercise your right to object, set out below, and there are no overriding legitimate grounds for processing;
  • the data is unlawfully processed;
  • the data needs to be erased to comply with a legal obligation or the data is children's data and was collected in relation to an offer of information society services;
• to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing); and
• to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.

In the event that you are not satisfied with our (or the applicable data controller's) processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner's Office (ICO) in the UK, at any time. The ICO's contact details are available here: https://ico.org.uk/concerns/.

Cookies

We use cookies and similar technologies to distinguish you from other users of our site. This helps us to provide you with a good experience when you use our site.

Cookies can be controlled by any tools we make available on our site or by your web browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please use the following links:

• Internet Explorer cookies information
• Chrome cookies information
• Firefox cookies information
• Safari cookies information

Please be aware that by blocking all cookies you may not be able to access or use all the features of our website and you will not receive a personalised service.

Contact Us

Impala Is the data controller for the processing set out in this policy. If you have any queries about this privacy statement, or wish to complain, please contact us or our Data Protection Officer by email at privacy@impala.travel.

Changes to our privacy policy

This policy may be updated from time to time. Please check back frequently to see any updates or changes to our privacy policy. This policy was last updated in April 2021.