Privacy Policy – Crystal Sky Travels Ltd
Last Updated: August 28, 2025
At Crystal Sky Travel, we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information.
1. Introduction
We are committed to protecting your privacy. This policy explains how we collect, use, and safeguard your data in compliance with the UK GDPR and Data Protection Act 2018.
2. Data Controller
- Crystal Sky Travels Ltd is the data controller of your personal data.
- For any queries, contact our Data Privacy Manager at [insert email/contact].
3. What Data We Collect
- Personal data: names, addresses, emails, phone numbers, date of birth, passport details.
- Booking details: flights, accommodation, special requests.
- Payment information (processed securely).
- Special category data: medical, dietary, or accessibility information provided voluntarily.
4. Use of Data
- To process bookings and issue travel documents.
- To communicate with you about your trip.
- To comply with legal obligations (e.g. ATOL, HMRC).
- For marketing purposes (only if you opt-in).
5. Sharing of Data
- With suppliers (airlines, hotels, tour operators) to fulfil your booking.
- With authorities where required (immigration, border control).
- Never sold to third parties.
6. Data Transfers
- Some suppliers may be located outside the UK/EU.
- Where this occurs, we ensure adequate safeguards are in place (e.g. standard contractual clauses).
7. Where this occurs, we ensure adequate safeguards are in place (e.g. standard contractual clauses).
- We keep booking data for 7 years to meet financial and legal obligations.
- Marketing data is retained until you opt out.
8. Your Rights
- Right to access, rectify, or erase your data.
- Right to restrict or object to processing.
- Right to data portability.
- Right to lodge a complaint with the ICO.
9. Cookies
- Our website uses cookies for analytics, performance, and improving user experience.
- You may manage or disable cookies in your browser.