In this Notice, the use of “we”, “us” and “our” refers to Norfolk Broads Direct Limited, Norfolk Broads Direct Limited is the controller of your personal information and is registered as a Data Controller with the Information Commissioners Office. Our registration number is Z2172715.
Please read this notice in conjunction with our Terms and Conditions of Booking.
We collect information about you from several different methods
When you book a holiday directly with us we collect the following personal information to enable us to administer and provide your holiday
We do not record telephone calls.
If you book your holiday via a Booking Agent, the Agent will request the information listed in 1.2. The Booking Agent my also request additional personal information.
Our Booking Agents are
When you book a day craft from us we will collect and store the following information
The information that you provide us will be used:
We will not send you any marketing information unless you opt in to receive this information.
You can opt-in to receiving marketing information at the time of booking your holiday or by informing the booking office of your request.
You can opt-out of receiving marketing information by contacting us via phone, email or post.
Your personal information is stored with a booking system provided by Holray Systems Limited who act as a Data Processor. Holray Systems Limited can only process your Personal Information in accordance to specific instructions given by us. Holray Systems are also required to implement and appropriate technical and organisational measures to protect your information from unauthorised or unlawful processing and against accidental loss, destruction, damage alteration or disclosure.
Your personal information is stored by us in paper form.
In the event of you cancelling your holiday with us, we may request and process sensitive personal information about you or the affected party member (s). this information is only retained for as long as necessary to process the cancellation and this information is then disposed of in a secure manner.
We do not store any payment card information. When booking online you are redirected to SagePay – our payment provider – and they process online payments on our behalf. Payments made via telephone are recorded before going through the PDQ machine, after processing they are disposed of in a secure manner. If the payment details are taken after we have cashed up they are stored in a secure manner overnight, then processed through the PDQ machine and then disposed of in a secure manner.
We take all reasonable steps to protect and secure the personal information that we hold.
All communications with our website and booking system are encrypted using Transport Layer Security (TLS). TLS is used to protect and encrypt the connection between your web browser and our website.
We may share your information if we are required by law or to help provide our services to you. This may include sharing certain information with:
Cookies are text files placed onto your computer that are used to collect and retain information about how you interact with our websites, communications and services.
We also use ‘web beacons’ (also known as tracking pixels) to track interaction with our social media pages. This is used on some campaigns we run in order to interact with people on social media. We would use these in cases where a user has clicked on an advert and we wanted to track whether that ‘click’ converted into a booking or potential lead.
We will not keep your personal information for longer than necessary for our business purposes.
As a cruiser or property customer you are entitled to a loyalty discount if you book another holiday directly with us with 2 seasons of your last holiday. For this reason we will retain your personal information and may contact you about our services during this time if you have not opted out. This personal information is stored electronically by Holray Systems Limited and will be kept for no more that 6 years or customer inactivity.
Your booking information will be kept in paper format for a period of 2 years from the end of the financial year following the date that your holiday commenced. After this period the information will be securely destroyed by an accredited shredding provider.
Personal information from Broads Tours (day boats and river trips) will be kept in paper format for a period of 2 years from the end of the financial year following the date of hire or trip. After this period the information will be securely destroyed by an accredited shredding provider.
Our financial year runs from the 1st April until 31st March.
Merchant copies from the PDQ machines will be kept for a maximum of 60 days after this period the information will be securely destroyed by an accredited shredding provider.
You have a right to request any personal information that we hold about you. This type of request is known as ‘Subject Access Request’. If you would like a copy of some or all of your personal information that we hold about you please email or write to us using the contact details at the bottom of this Notice. Unless the request is unfounded and excessive, these will be no charge for this service and we will respond to your request with 30 days.
We want to ensure that your personal information is up to date. If you feel that any of the personal information that we hold is incorrect or inaccurate please contact us to rectify this issue.
This Privacy Notice does not apply to any third-party websites that this website links to. You are advised to read any privacy policies that may be applicable to third-party websites.
We keep our Privacy Notice under regular review and we will place any updates on this page. We will endeavour to make any changes or additions clearly distinguishable, along with showing the date that any changes come into force.
This Privacy Notice was last updated on: 27th April 2018.
Please contact us if you have any questions about our Privacy Notice or the information we hold about you:
If you wish to register a complaint about how we handle your Personal Information, you can contact the Information Commissioners Office who are the Supervisory Authority for Data Protection in the United Kingdom.