Our privacy policy is written in accordance with the EU General Data Protection Regulation (GDPR) regarding the transparency of personal data processing which takes effect from May 2018.
Blue Marine Travel Ltd respects your privacy and is committed to protecting your personal data. This privacy notice will explain how we look after your personal data and inform you of your rights.
What is personal data?
Personal data is any data that can be used to identify you.
Why do we need to collect personal data?
In order for us to fulfil travel requests relating to air / hotel / car hire / transfer and any other travel related service we offer, requested by you or your employer.
We are the sole owners of the information collected from our website and via email. We do not sell the data on to any third party or share your data with any third party other than is necessary to fulfil your request.
We may contact you via email for updates on our products and services and any changes to our policies and procedures.
How long will we keep it for?
We will securely store your personal data on our systems until you notify us that you no longer wish us to do so.
How will this affect me?
We are committed to ensuring that the information we collect and use is appropriate for the purposes of fulfilling your travel requests and does not constitute an invasion of your privacy.
Our aim is not to be intrusive and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Your rights
As a data subject you have rights:
The right of access – you may request access to your data
The right to rectification – if your data is wrong, you may request it is corrected
The right to erasure – you may request your data be erased
The right to restrict processing – you can ask us to stop using your data
The right to data portability – you can ask for a copy of your data in a useful form
The right to object – you can object if you unhappy how your data is being used
The right to complain – if you are still not happy, you can complain to the Information commissioner’s Office (ICO).
For information requests, concerns, objections and complaints in writing to privacy@bluemarinetravel.com
If you are unsure of any of your rights, or have further questions please contact us on privacy@bluemarinetravel.com or call us on +44 1279 661 000
Blue Marine respects your privacy and is committed to protecting your personal data. This privacy notice explains how we collect, use, store, and protect your personal information, and provides you with information about your rights under the laws governing personal data protection, including but not limited to the General Data Protection Regulation (GDPR).
This Privacy Notice aims to provide you with clear and comprehensive information about how Blue Marine collects, processes, and protects your personal data, including any data you may provide through your employer or travel sponsor.
By providing your personal information to Blue Marine, you agree that this Privacy Notice governs the collection, use, and disclosure of your personal data as outlined. In providing your information, you give your consent for us to process your data in accordance with the purposes set out in this Notice.
If you do not agree with any part of this Privacy Notice, you must not provide your personal data to us.
It is important to note that if you choose not to provide us with your personal information, or if you withdraw consent that you have previously given, it may affect our ability to offer certain services to you like travel bookings. Most bookings require the traveller’s full name, contact details, and identification information (such as passport details) to proceed. Without this data, we will not be able to process or confirm your booking.
Please take the time to read this Privacy Notice carefully to understand how we collect, use, and safeguard your personal data, as well as your rights in relation to it.
In cases where you are engaged by an organization that is a client of Blue Marine, and you provide us with your personal data on behalf of your employer or travel sponsor, Blue Marine will process your data as required to fulfil the travel services requested.
When travel services are purchased for you under an arrangement between your employer or travel sponsor and Blue Marine (acting as an agent), please note that:
It is important to understand that, although Blue Marine acts as an intermediary in such arrangements, the service providers may also have their own data processing policies in place, which you may need to review. You should be aware that these providers are responsible for maintaining the security and privacy of your data once it is transferred to them.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data from which the identity has been removed or anonymized. We may collect, use, store, and transfer different types of personal data about you, which we have listed below:
5.1. Identity Data
Identity Data includes information that helps us identify you. This may include:
5.2. Contact Data
Contact Data includes details we use to get in touch with you. This may include:
5.3. Travel Data
Travel Data includes details related to your travel bookings and travel-related documents. This may include:
5.4. Financial Data
Financial Data includes information required to process payments and transactions. This may include:
5.5. Transactional Data
Transactional Data includes information about the transactions you make with us. This may include:
5.6. Profile Data
Profile Data includes details about your preferences, behaviours, and activities related to the services we provide. This may include:
5.7. Marketing & Communications Data
Marketing and Communications Data includes information related to how we communicate with you and your preferences regarding marketing materials, including contact information necessary for us to send you relevant updates
5.8. Statistical Data
We may collect aggregated data for reporting and statistical purposes. This data is derived from your personal data but is not considered personal data under the law, as it cannot identify you directly or indirectly. For example, we may aggregate travel data for internal reports or management information. However, if we combine or connect aggregated data with your personal data in a way that allows us to identify you, we will treat this combined data as personal data and handle it in accordance with this Privacy Notice.
5.9. Special Category Data
We may collect special categories of personal data where necessary to provide tailored services. This may include:
We will only collect personal information in compliance with your local data protection laws. We collect your personal information through the information you provide us during the course of your relationship with us. This includes direct submission by you, your employer, or your travel sponsor. We may also collect personal information when you complete surveys or provide us with feedback, unless you choose to do so under a pseudonym or anonymously.
6.1. Direct Interactions
We may collect personal data directly from you, your employer, or your travel sponsor through various interactions. Your employer or your travel Sponsor or you may give us your Identity, Contact and Financial Data by filling in forms electronically or by corresponding with us by post, phone, and email or otherwise.
6.2. Data Provided Via Client Contract Relationships
In certain cases, personal data may be provided by your employer or travel sponsor for the purposes of fulfilling travel services. In all our contractual dealings with clients, it is explicitly stated that the client (or their designated representative) is responsible for obtaining the necessary authorization to allow Blue Marine to use personal data for the purpose of fulfilling our obligations under the scope of work.
Blue Marine will assume that this authorization has been sought and granted by the client if we receive an authorized travel request or booking. By submitting such requests, the client confirms that they have obtained the appropriate consent or authorization to share the relevant personal data with us for processing.
6.3. Publicly Available Sources
We may collect Identity and Contact Data from publicly available sources. This may include information from publicly accessible databases, social media platforms, professional directories, or other publicly available records.
We only use your personal data where;
7.1. The processing is necessary to provide our services to you: When you, your company, or your travel sponsor book or arrange travel-related products and services through Blue Marine, we typically act as an agent on behalf of the relevant travel service providers (e.g., airlines, hotels, etc.). In this role, we process your personal data as necessary to fulfil the services you have requested. This includes collecting your personal information for our internal purposes, as outlined in this Privacy Notice, as well as for the travel service provider(s) we represent (e.g., to ensure that you receive the booked services).
We may therefore share your information with our travel service providers such as hotel, airline, car rental, or other providers, who fulfil your travel bookings. Please note that these travel service providers also may use your personal information as described in their respective privacy policy and may contact you as necessary to obtain additional information about you, facilitate your travel reservation, or provide you with your requested services.
7.2. The processing is necessary for compliance with our legal obligations: We may need to process your data to comply with applicable laws, such as tax regulations or reporting requirements. We act as agent for or on behalf of many thousands of travel service providers around the world, so it is not possible for us to set out in this Notice all of the travel service providers for whom we act or their locations.
7.3. The processing is necessary for our legitimate interests or those of third-party recipients: In certain cases, we process personal data based on legitimate business interests, provided that these interests do not override your rights and freedoms. For example, we may use your data to improve our services, conduct market research, or prevent fraud.
Below, we describe the ways in which we will use your personal data (whether on our own behalf or acting on behalf of your employer or travel sponsor), along with the legal bases we rely on to process it. Where applicable, we have also identify our legitimate interests.
8.1. Register Traveller Information
When registering you as a traveller, we collect data like your full name, email address, phone numbers, employer details, physical address, passport number, additional documents (e.g., driver’s license, seaman book), gender, and date of birth. If applicable, details about your travel companions (e.g., name, contact details, travel preferences) will be collected. You may also choose to provide additional information for your traveller profile, including credentials or emergency contact information.
Legal Basis & Legitimate Interest: The processing is necessary for the performance of a contract with you, your employer, or your travel sponsor.
8.2. Book Travel Services
In addition to the profile information mentioned above, we collect details necessary to book your travel services including arrival and departure locations, airline details, hotel bookings, car rentals, and any other information required for booking your travel. We may also collect information to accommodate special requests, such as accessibility needs, meal preferences, or other specific services you may require.
Legal Basis & Legitimate Interest: The processing is necessary for the performance of a contract with you, your employer, or travel sponsor.
8.3. Process & Deliver Services
To process and deliver your travel services, we may need to:
8.3.1. Manage Payments, Fees, and Charges: This includes processing payments for travel services, handling fees, and managing any charges related to your bookings.
8.3.2. Collect and Recover Money Owed: Information needed to collect or recover money owed to us for services rendered.
In addition to the above, we may collect payment card information and other details necessary to complete these financial transactions.
Legal Basis & Legitimate Interest: The processing is necessary for the performance of a contract with you, your employer, or your travel sponsor, and for our legitimate interest in recovering dues owed for services rendered.
8.4. Relationship Management
Relationship management involves keeping you informed about important updates related to our services including notifying you of changes to our terms and conditions or privacy policy, informing you of incidents that may affect your services or bookings, sending advisory newsletters or communications related to your travel. Data collected include identity, contact, profile, and marketing & communication data.
Legal Basis & Legitimate Interest: The processing is necessary for the performance of a contract with you, your employer, or your travel sponsor, for compliance with legal and statutory obligations, and for our legitimate interest in keeping our records updated and analysing how customers use our products and services.
8.5. Participation in Survey & Competition
To engage with you in surveys or competitions, we collect data pertaining to your identity, contact, profile, and marketing & communication.
Legal Basis & Legitimate Interest: The processing is necessary for the performance of a contract with you, your employer, or your travel sponsor, for compliance with legal obligations, and for our legitimate interest in building customer relationships and growing our business.
8.6. Business Development
We may collect Identity and Contact Data to explore and seek new business opportunities, such as identifying potential customers or partnerships.
Legal Basis & Legitimate Interest: The processing is necessary for our legitimate interests in growing our business and engaging in marketing activities.
8.7. Statistical Data Analytics
We may process data for statistical and analytical purposes. Data collected includes your identity, contact, travel, financial, and transactional data, which may be aggregated to form analytical insights.
Legal Basis & Legitimate Interest: The processing is necessary for the performance of a contract with you, your employer, or travel sponsor, and for our legitimate interests in understanding customer types, improving our website, developing our business, and refining our marketing strategy.
Blue Marine may share your personal data with third parties for the purposes outlined above. This includes service providers such as airlines, hotels, and other entities that fulfil travel-related services. It is important to note that if travel or associated services are purchased for you under an arrangement between your employer or travel sponsor and Blue Marine, Blue Marine acts as an agent. In this case, the relevant service provider will be responsible for the security of the personal data it receives and for ensuring compliance with applicable laws. Blue Marine is not responsible for the actions or omissions of these service providers.
We may transfer your personal data within the Blue Marine Group of Companies, to local TMC Partners, and to service providers where such international transfers are necessary for the performance of a contract between you, your employer, or your travel sponsor. These transfers may involve sending your data outside national boundaries, including to regions such as the European Economic Area (EEA).
Many of our service providers are based outside the EEA, so the processing of your personal data may involve an international transfer. When transferring your data overseas, we take steps to ensure that your personal data is protected and that at least one of the following safeguards is in place:
10.1. Adequacy Decision: We only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
10.2. Standard Contractual Clauses: When we use service providers based in countries without adequate protection, we may implement specific contractual agreements to ensure that your data is protected in line with our standards.
It is important to note that, in some cases, information may be transferred to overseas recipients who are located in jurisdictions where you may not be able to seek redress under your local data protection laws. These jurisdictions may not offer the same level of data protection as your home country. To the extent permitted by local data protection laws, Blue Marine will not be liable for how these overseas recipients handle, store, and process your personal data.
We have implemented appropriate security measures to protect your personal data from being accidentally lost, used, and accessed in an unauthorized way, altered, or disclosed.
11.1. Site Access Control
We take steps to prevent unauthorized persons from gaining access to the physical sites where data is processed and stored.
11.2. System Access Control
We ensure that only authorized individuals can access our data processing systems, preventing unauthorized use.
11.3. Data Access Control
We ensure that individuals authorized to use a data processing system can only access the data they are permitted to view. Data cannot be read, copied, modified, or removed without proper authorization during processing, use, or storage.
11.4. Disclosure Control
We establish protocols to monitor where and to whom data can be transferred, ensuring that only authorized transmissions occur.
11.5. Input Control
We maintain checks and audit logs to track whether, when, and by whom data has been entered, modified, or removed from our data processing systems.
11.6. Order Control
We ensure that any personal data processed on behalf of a customer is done in strict accordance with the customer’s instructions.
11.7. Availability Control
We protect data from accidental destruction or loss by ensuring that appropriate backup and recovery measures are in place.
11.8. Notification Control
In the event of a material breach of any of the security controls listed above, we will promptly notify the customer. If there is a breach of confidential data, we will notify the customer within 72 hours of identifying the breach.
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider factors such as the nature, amount, and sensitivity of the personal data, potential risks associated with unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether those purposes can be achieved through other means, and applicable legal and regulatory requirements.
By law, we are required to keep basic information about our customers (including contact, identity, financial, and transaction data) for a period of six to seven years after the customer relationship ends, depending on the legal requirements in the relevant country (primarily for tax purposes). In certain instances, you may request that we anonymize your personal data after a specified period of non-use of our services.
In certain circumstances, you have specific rights under data protection laws regarding your personal data. These rights include:
13.1. Request Access: You have the right to request access to the personal data we hold about you (commonly known as a “data subject access request”). This allows you to receive a copy of your data and confirm that we are processing it lawfully.
13.2. Request Correction: You can request the correction of any incomplete or inaccurate data we hold about you. We may need to verify the accuracy of any new data you provide.
13.3 Request Erasure: You may request the deletion or removal of your personal data where there is no valid reason for us to continue processing it. You also have the right to request erasure if you have successfully exercised your right to object to processing, if your data has been processed unlawfully, or if we are required to erase your personal data to comply with local law. However, please note that we may not always be able to comply with your request due to specific legal reasons, which we will notify you of, if applicable, at the time of your request.
In case you request us to stop using your personal data or withdraw your consent to process it, this may affect our ability to provide services to you. For example, travel bookings typically require the traveller’s full name, contact details, and identification (e.g., passport). Without this information, we may not be able to process your booking.
If you have any questions or concerns about how we process your personal data, or if you wish to exercise any of your rights, please contact us via email at:
Behind every call and email is one of our experienced Travel Consultants who will understand your needs and is committed to assisting without delay.
