Support Centre
Call us, we're open today 9.00am - 5.30pm Open today 9.00am - 5.30pm 01252391140 01252391140
Trip Search
Loading results
Loading your trip
Need a last minute getaway? Great savings on
Last minute trips


Privacy glossary

While we try our best to use plain and simple language, we recognise that there will be some jargon. This section aims to provide simple definitions for some of the common privacy terminology;
Applicable law
The law with which any personal data processing must comply. In this case, the applicable law is England and Wales.

These are small pieces of data that are placed on your device’s browser (e.g. PC) when you access a website. Cookies are used for a variety of purposes, including enabling features on a website, helping us to understand which parts of our websites are the most popular, where website visitors are going, and how much time they spend there.
Data aggregation 
Data aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis. A common aggregation purpose is to get more information about particular groups based on specific variables such as age, profession, or income.
Data controller
A data controller is a person in an organisation that determines how and why personal data is to be “processed” (this includes using, storing and deleting the data). The data controller is responsible for this personal data, and for ensuring that processing of the data fully satisfies the requirements of the applicable law.
Data processor
A data processor is an organisation that has been contracted to process personal data on behalf of a data controller. Responsibility for the data remains with the data controller, but data processors have contractual obligations to ensure that the processing activities are performed to meet the requirements of the data controller.
Data Protection Act 2018
The Data Protection Act 2018 (DPA 2018) is a UK law that defines the ways in which information or data related to an identified or identifiable person, such as name, age, telephone number, email and mailing address ("Personal Data") may be legally used and handled, known as “processed”.
Encryption, such as Secure Sockets Layer (SSL) encryption, is a system for protecting data, used when collecting or transferring sensitive data, such as credit card details or other personal data. Encryption is designed to make the data unreadable by anyone but the intended recipients.
UK General Data Protection Regulation (UK GDPR)
The UK GDPR is the UK version of the General Data Protection Regulation which sets minimum standards for data protection and privacy for all individuals in the UK. It also addresses the export of personal data outside the UK. The UK GDPR aims primarily to give control to citizens and residents over their personal data and the original purpose was to simplify the regulatory environment for international business by unifying the regulation within the EU.
Hotelplan UK Group companies
Hotelplan is a large European travel group with headquarters in Switzerland, owned by Migros, the leading Swiss co-operative retailer.  
Hotelplan (U.K. Group) Ltd. Is the parent company of our award winning UK family of brands, which includes Inghams, Esprit, Santa’s Lapland - all based in Godalming, Surrey. Inntravel, based in Whitwell, York.  Explore Worldwide, based in Farnborough, Hampshire. Regaldive, based in Ely, Cambridgeshire.
Personal data
Personal data is any information which relates to an identified or identifiable individual.

Examples include name, address, phone number, email address, national insurance number, credit card number, driver’s license number, passport number or other government issued ID number, bank account number, hobbies, usage patterns, family members and income.

Special category data 
Special category data includes personal data revealing or concerning personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs; trade union membership; genetic data; biometric data (where used for identification purposes); health; a person’s sex life; and a person’s sexual orientation. We will only process this kind of personal data with your express consent or where we are authorised by law to do this for employment purposes.  
Personal data management
Personal data management is the set of processes and controls used to ensure that personal data is handled appropriately, to meet our internal and legal requirements.
Privacy policy
Privacy policy is a legal document that discloses how a company gathers, uses, discloses and manages the personal data provided by an individual (such as a customer, partner, employee or potential employee). While this is a legal document, a privacy policy aims to provide transparency about these information handling practices, so should ideally be written in clear and simple language.
Unsubscribe link
If you would like to unsubscribe from an email sent to you, follow the 'unsubscribe' link and/or instructions placed (typically) at the bottom of the mail. If you use more than one email address to shop or contact us, you need to unsubscribe from each email account that you use.
Web beacons
Web beacons, also known as single pixel or clear gif technology, or action tags, tells us which visitors clicked on key elements (such as links or graphics) on an Explore webpage or email.
3rd parties
These are non-Hotelplan companies contracted to perform functions on our behalf, such as fulfilling bookings, delivering contractual obligations such as airlines, coach companies, hotels etc., sending postal mail and emails, sending text messages (SMS), providing marketing assistance, etc.