Privacy Policy

1. Who We Are

Nicole Rotheram Travel (“we”, “us”, “our”) operates as an independent travel consultant under Not Just Travel, a trading division of Hays Travel Limited (ABTA K9413).

For the purposes of UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we act as a data controller in relation to personal data collected directly through this website and during the provision of our travel services.

Contact email: Nicole.rotheram@notjusttravel.com

2. The Personal Data We Collect

We may collect and process the following categories of personal data:

  • Name and title

  • Contact details (email address, telephone number, postal address)

  • Date of birth and passport details (where required for travel bookings)

  • Travel preferences and requirements

  • Information provided via enquiry forms or consultation bookings

  • Health or accessibility information necessary for travel arrangements

  • Payment information (processed securely via authorised payment providers)

  • Records of communications between you and us

  • Technical data such as IP address, browser type and website usage data

We only collect information that is necessary to provide quotations, arrange bookings and deliver travel-related services.

3. How We Use Your Personal Data

We use your personal data to:

  • Respond to enquiries and provide travel quotations

  • Arrange and administer travel bookings

  • Communicate with you about your travel plans

  • Provide customer support

  • Meet legal, regulatory and financial obligations

  • Prevent fraud and ensure security

Our lawful bases for processing under UK GDPR include:

  • Performance of a contract or taking steps prior to entering into a contract

  • Compliance with legal obligations

  • Legitimate interests in operating and managing our business

  • Consent (where required, such as for marketing communications)

4. Sharing Your Personal Data

To obtain accurate quotations and arrange travel services, your personal data may be shared with:

  • Not Just Travel and Hays Travel Limited

  • Airlines, hotels, cruise lines, tour operators and other travel suppliers

  • Destination management companies

  • Insurance providers

  • Payment processing providers

  • Governmental or regulatory authorities where required

Personal data may be shared at the quotation stage where necessary to confirm pricing and availability, and at the booking stage to secure travel arrangements.

We do not sell or rent your personal data to third parties.

Some suppliers may be located outside the UK. Where personal data is transferred internationally, appropriate safeguards are applied in accordance with UK data protection law.

5. Special Category Data

Where you provide information relating to medical conditions, dietary requirements, mobility needs or other sensitive data relevant to your travel arrangements, this will only be processed where necessary to facilitate your trip and ensure appropriate arrangements are made.

Such information will only be shared with suppliers where strictly required.

6. Financial Protection

Bookings are made through Not Just Travel, a trading division of Hays Travel Limited (ABTA K9413). Where applicable, flight-inclusive bookings are ATOL protected.

7. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil contractual obligations

  • Comply with accounting, tax and regulatory requirements

  • Manage disputes or claims

  • Meet insurance and industry record-keeping standards

When data is no longer required, it is securely deleted or anonymised.

8. Your Rights

Under UK data protection law, you have the right to:

  • Request access to your personal data

  • Request correction of inaccurate data

  • Request erasure of data where legally permissible

  • Restrict or object to processing

  • Request data portability

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests may be made in writing to the contact email listed above.

9. Marketing Communications

If you opt in to receive marketing communications, you may withdraw your consent at any time by using the unsubscribe link provided or by contacting us directly.

We do not send unsolicited marketing communications.

10. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure.

11. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect legal or operational changes. The most current version will always be available on this website.