At Into Russia, we understand that how we collect, use, disclose and protect your information is important to you.
In this data protection declaration, we use the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
• We will not collect Personal Information without your knowledge and permission;
• We will take reasonable steps to protect the security of the Personal Information we collect from you;
We use Google Analytics to help us evaluate the effectiveness of our marketing. We will not and will not allow any third party to use Google Analytics to track or to collect any personal data of visitors to our website.
When you contact us via email (reservation@into-russia), via contact form or by calling us, we may collect your email address and/or telephone number. We will not share your personal data with any third party. We will only use your contact details to send our special offers and promotions via Mailchimp Newsletter. At any time you have the right to have your data deleted from our internal database.
The use of the Internet pages of Into Russia Ltd is possible without any indication of personal data; The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Into Russia Ltd.
As the controller, Into Russia Ltd has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
The data protection declaration of Into Russia Ltd is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR).
Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Into Russia Ltd / Into World Travel Ltd
27 Old Gloucester Street London WC1N 3AX
Phone: 0207 603 5045
Information we collect about you
Depending on the circumstances, in the course of providing a service to you, the Into Russia Ltd may collect and hold personal information such as:
• your name, date of birth, gender, postal address, telephone number, email address, passport details, medical information and travel insurance details (where applicable);
• details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries;
• any additional information relating to you that you or a third party has provided to us directly or indirectly through our travellers’ or agents’ phone enquiry lines, websites, online presence, customer surveys or to our in-store or other representatives.
Information that we collect (such as about your health for example) may be considered “sensitive information” under the Privacy Act. We collect it to provide you with our services, cater to your needs or act in your interest, and we are only prepared to accept sensitive information on the condition that we have your consent.
If you visit our website we may also collect information that is not personal information to improve the experience for our customers. This information may include the pages you visit, your IP address, browser type and language, and the date and time of your visit. We cannot identify you individually from this information. Some of this information is collected using cookies.
How do we collect personal information?
You may volunteer this information when you request information from us, contact us (and vice versa), make a booking, register interest for and/or enter a competition, subscribe to our newsletters, use our website(s), link to or from our website(s), connect with us via social media, by speaking to a consultant by phone or in person or any other engagement we or our business partners have with you.
We may also receive the information from a third party, for example:
• from people making travel bookings on your behalf;
• your insurer, their agents or medical staff may disclose relevant information and sensitive personal information with us in circumstances where we/they need to act on your behalf or in the interest of passengers or in an emergency.
We will update your information whenever we can to keep it current, accurate and complete.
You represent and warrant to us that you have obtained all required consents and are fully authorized to disclose all personal information you provide to us including without limitation personal information of your friends and family members provided in connection with making travel bookings.
Why do we collect, use, hold and disclose your information?
We collect personal information about you so that we can perform our business activities and functions and to provide the best possible quality of customer service.
We may collect, hold, use and disclose your information for the following purposes:
• administering services we are providing to you such as arranging your tour booking
• some countries will only permit travel if you provide your advance passenger data. These requirements may differ depending upon your destination and you are advised to check. Even if not mandatory, we may exercise our discretion to assist where appropriate
• manage our relationship with you, including updates about your tour booking and handling complaints to contact you in the event of an emergency
• combining information collected from you at different times for the purpose of research and analysis to provide a better customer experience, including customising online content for you
• to identify and tell you about services we think you may be interested in, including sending email newsletters or sending printed materials to your postal address
• providing relevant information, which may include sensitive personal information, to insurers, their agents and medical staff in circumstances where we/they need to act on your behalf or in the interest of passengers or in an emergency.
• to make improvements to our site(s) and make it easier to find the information you are looking for
• for identification of fraud or error or for regulatory reporting and compliance
When you provide your email address to Into Russia Ltd to make a booking, your contact details may be retained even if the transaction is not completed. These details are captured using a secure service. This is so we can assist you in future with bookings, and as a result of this you may receive a follow up enquiry email. This email will contain information on what action, if any, you can choose that will direct us to cease any further contact with you or destroy the personal information we have collected about you.
We are only permitted to store your personal information for as long as necessary having regard to the purposes for which it was collected or a related or ancillary purpose. We may therefore delete your personal information after a reasonable period of time and, if you have not used our services for some time, you may have to re-enter or re-supply your personal information to us.
Subscription to our newsletters
On the website of Into Russia Ltd, users are given the opportunity to subscribe to our enterprise’s newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.
Into Russia Ltd informs its customers and business partners regularly by means of a newsletter about news and special offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorised to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any by contacting us directly.
The operating company of MailChimp is The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
The newsletter of Into Russia Ltd contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Into Russia Ltd may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by the controller in order to optimise the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. Into Russia Ltd automatically regards a withdrawal from the receipt of the newsletter as a revocation.
Who do we disclose your information to?
We may disclose your personal information as follows:
• We may share your personal information within our company and to our suppliers for the purposes of providing products or services to you, research and marketing purposes. Any marketing purposes will be conducted in accordance with our ‘Marketing and Privacy’ statement below.
• We may disclose your personal information to our employees, contractors or third party service providers located in the United Kingdom or in any other country related to your booking request for the purposes of the operation of our website or our business, fulfilling requests by you, managing your bookings, responding to your enquiries and to otherwise provide products and services to you, including, without limitation, to airlines, tour companies, travel agencies, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants.
• We may share information with third parties in limited circumstances without your consent where we reasonably believe the disclosure is necessary to lessen or prevent a threat to life, health or safety, or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), where disclosure is authorised or required by law or disclosure is otherwise permitted by applicable privacy laws.
• In order for you to travel abroad, we may disclose your personal information where disclosure is required by government authorities at the point(s) of departure and/or destination to process your information for immigration, border control, and security and anti-terrorism purposes.
Trans-Border Data Flows
When you provide, or otherwise allow us to collect, your personal information, you consent to your personal information being disclosed to relevant related entities and third party recipients abroad.
In providing our services to you, it may be necessary for us to disclose personal information to relevant entities abroad. For instance, we may need to disclose personal information to the third party recipients, such as relevant travel service providers for the purpose of arranging your booking with them.
Where we disclose your personal information to a third party recipient, your personal information will generally be received in the country in which the recipient will provide the services to you or in which their business is based. Unless otherwise contemplated herein or otherwise permitted or required by applicable law, we will only disclose your personal information to these recipients abroad in connection with facilitation of your travel booking and/or to enable the performance of administrative and technical services by them on our behalf.
We deal with many different service providers all over the world, so it is not possible for us to set out in this Policy all of the different countries to which we may send your personal information. However, if you have any specific questions about where or to whom your personal information will be sent, please contact us in writing.
Security of Information
Into Russia Ltd has implemented various physical, electronic and managerial security procedures in order to protect personal information from loss and misuse, and from unauthorized access, modification, disclosure and interference. Into Russia ltd regularly reviews security and encryption technologies and will strive to protect your personal information as fully as we protect our own confidential information.
Credit card security
• Into Russia Ltd does not store your credit card number in any of our systems, it is used only within the context of the transaction then destroyed upon receipt from an acquiring bank.
• All credit card payments receive an identification number that is proof of the transaction's acceptance into the banking system. This identification number can be used to trace any transaction back to the credit card issuer (for example, the bank that issued the MasterCard, or VISA credit card).
• Personal information is destroyed or de-identified when no longer needed.
Whilst we take reasonable steps to ensure that your personal information is secure, as the internet is inherently insecure, any personal information or other information you transmit to us online is transmitted at your own risk.
• we may not be able to provide the requested products or services to you, either to the same standard or at all;
• we may not be able to provide you with information about products and services that you may want, including information about discounts, sales or special promotions;
• we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.
How do I access and correct my personal information?
You can enquire about personal information we hold about you by using the contact details below. We will need to verify your identity before disclosing personal information. Please allow up to 10 business days for us to process your request, however we will endeavour to deal with your request sooner.
You can ask us to update any inaccurate, incomplete or out-of-date information we hold about you using the contact details below. There is no fee to make an enquiry or request in relation to your information, or for us to add to, correct or update our records.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
Marketing and privacy
We may from time to time use your personal information to identify new or existing products that we believe may be of interest to you. We may communicate this via email, phone or your postal address. If you no longer wish to receive these updates via email, you may opt-out by clicking the unsubscribe link contained in the message.
We do not share, sell or rent information to any third parties for the purposes of direct marketing.
Use of TOOLS/"COOKIES" and links to other websites
Lodging a complaint
If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate it.
We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation, the name, title, and contact details of the investigating person and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.
You can contact us by:
• calling us on +44 (0)207 603 5045
• emailing us at email@example.com
We will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your query or complaint is resolved in a timely and appropriate manner.
What are cookies?
Cookies are unique to the web browser you're using - so if you're using a desktop computer as well as a mobile, different data will be collected for each. You can find more information on the About Cookies website www.aboutcookies.org
Cookies can be set by the owner of the website you're on. These are known as 1st Party Cookies. There are also 3rd Party Cookies that can be set by partner websites. Only the owner of the cookie can see the anonymous information it collects.
You can choose to accept all cookies, reject 3rd Party Cookies or reject all cookies by changing your internet browser settings. If you don't accept cookies, some features of our website won't work.
By using our websites, you agree to us using cookies as set out in this statement.
How the cookies are used
• Collecting information: This means we can learn more about how you use our website so we can improve our products and online experience.
• Tailoring your experience: Cookies allow us to provide you with information, products and services that we think you'll find interesting.
• Making our marketing relevant: We can show you relevant offers and promotions on our own websites and through our advertising networks.
• Make it possible for you to use our website
• Show you information and offers that are relevant to you
• Find out more about how our customers use the site
Improving your experience
We can find out how you move around our website, so we can look into any errors stopping you from being able to do what you want. The data we collect from cookies is really important for us to improve your experience.
Making your experience personal
We can find out how you move around our website, so we can look into any errors stopping you from being able to do what you want. The data we collect from cookies is really important for us to improve your experience.
Advertisements on other websites
Types of cookies we use
You may choose to opt-out of Google Analytics using the Google Analytics Opt-out Browser Add-on which you may access at https://tools.google.com/dlpage/gaoptout/.
Refusing cookies after you've accepted
You can change your browser settings to accept or refuse all cookies, choose which cookies you want or don't want, or ask to be notified when a cookie is set. Use the help feature in your browser to see how.
Changing your mind after you've accepted our cookies
Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority;
(h) the right to withdraw consent.
1. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data.
2. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
3. In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
4. In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
5. You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
6. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
7. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
8. You may exercise any of your rights in relation to your personal data by written notice to us.
Last updated: 17 May 2018