Silhouetted mountain peak at sunrise with an orange sky and misty clouds around the base.

Privacy Policy & Personal Data Protection

Last updated: 21 September 2025

Introduction  

Penman Travel Co. (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you book travel services with us, visit our website, or contact us. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are  

Penman Travel Co. is a UK‑based travel agency providing holiday packages, flights, accommodation, cruises, and related travel services. We act as both a principal and an agent for various suppliers, depending on the service booked.

What Data We Collect  

We may collect:

  • Personal details (name, date of birth, contact information, passport details)

  • Payment information (card details, billing address)

  • Travel preferences and special requirements (including dietary, mobility, or medical needs)

  • Booking history and communications with us

  • Website usage data (via cookies – see our Cookies Policy)

How We Use Your Data  

We process your personal data to:

  • Confirm and manage your bookings

  • Issue travel documents and ATOL/ABTA certificates where applicable

  • Communicate important updates about your travel arrangements

  • Meet legal and regulatory requirements

  • Process payments and prevent fraud

  • Send you relevant offers and updates (only with your consent)

Legal Basis for Processing  

We process your data under one or more of the following lawful bases:

•  Contract: to fulfil our agreement with you

  • Legal obligation: to comply with UK law and travel regulations

  • Legitimate interests: to operate and improve our services

  • Consent: for marketing communications

Sharing Your Data  

We may share your data with:

  • Travel suppliers (airlines, hotels, cruise lines, tour operators)

  • Insurance providers (if purchased through us)

  • Regulatory bodies (e.g., CAA, ABTA)

  • IT and payment service providers will only share the minimum data necessary and ensure appropriate safeguards are in place.

International Transfers  

Some suppliers are outside the UK/EEA. Where this occurs, we ensure adequate protection through standard contractual clauses or equivalent safeguards.

Data Retention  

We keep your data only as long as necessary for the purposes collected, usually up to 7 years for legal and accounting requirements.

Your Rights  

You have the right to:

  • Access your data

  • Request correction or deletion

  • Restrict or object to processing

  • Withdraw consent (where applicable)

  • Lodge a complaint with the ICO (www.ico.org.uk)

Contact Us  

For privacy queries, email: sharon@penmantravel.co.uk