GDPR NOTICE The General Data Protection Regulation (GDPR) came into effect in the European Union on 25th May 2018. Its purpose is to strengthens the rights of data users (i.e. you). Any organisations that do business in the European Union or the European Economic Area must comply with the GDPR. It it is specifically aimed at protecting any data that could be used to identify a European Citizen, either directly or indirectly, and once we we hold or process personal data on EU residents we must comply with the GDPR. While most of our visitors are not EU residents, we have always felt that we have a legal and moral responsibility to protect all personal data shared with us and will comply with the terms of the GDPR with regards to all our customers. Of course, to process you tour information, there are certain details that we need to request from you, otherwise we would be able to perform our duties. These would include your email address, the names of the people travelling, and in certain cases address, passport, gender and date of birth details. None of this data is held by us on any online server or service while it is being used, and once we no longer require the data, we undertake to remove all details apart from your contact email and names, as these could be required for future correspondence with you relating to your tour. We also undertake to redact these details from emails you have sent us once we have utilised the data for the purpose it was required for. We will never sell this data to any other entity, nor will be share it with anyone else, except in cases where it is specifically required for your tour e.g. to assign rooms when booking hotels on your behalf etc. The GDPR includes non-text data including photographs. Any photographs used by us on this site or in our brochures that include visitors on previous tours have all been used with their permission, and except in cases where we have specifically given undertakings to give accreditations for the use of photographs taken by some of our visitors, no visitors are personally identified by name. Because we will no longer retain information once it has been used for the purpose that we received it, we may be required on certain occasions to request this information from you again (e.g. if you requested late amendments to your itinerary) and we apologise for this in advance. The purpose of the GDPR is to strenghten the rights of data subjects in several key areas. These include a requirement by us to notifiy regulators in the event of any data breach, a right for you to request that any data we hold on you be erased (also known as 'The Right To Be Forgotten), a Right of Data Portability (i.e. that we send you a copy of any data we hold on you), a Right To Global Profiling (i.e. we cannot use the data we collect with data from other souces to create a profile of you). One area that is specifically related to our international business with clients in the USA is in connection with transferring data internationally. EU/EEA companies must ensure, when sending outside the EU/EEA that the organizations receiving the data have adequate safeguards in place. This is usually achieved via the EU-US and Swiss-US Privacy Shield Frameworks which allows companies on both sides of the Atlantic to comply with data protection requirements when transfering data to and from the USA, and allow US companies to be certified as being compliant by following a self-regulation process. A summary of the main principles of the GDPR include: a) Be transparent and use personal data only for known purposes disclosed in advance b) Make sure the personal data is relevent for the purposes for which it was collected and not kept longer than necessary c) Take appropriate security measurements to protect the data d) Honor individuals rights e) Assure that any trans-border transfers are handled in accordance with customers' rights f) Pay special attention to the handling of sensitive personal information g) Where personal data is used for direct marketing, ensure that the data subjects have the ability to opt out as needed