top of page

Privacy
&
Data Policy

PRIVACY & DATA POLICY

Last updated: 27 December 2025

1. Who we are

 

This Privacy & Data Policy explains how Global Dec Ltd (“Global Dec”, “we”, “us”, “our”) collects, uses, stores, shares and protects personal data when you visit our website, contact us, or purchase/receive our services (including travel ground arrangements and cultural accompaniment, where applicable).

 

Controller details:

Global Dec Ltd (Company No. 10385559)

Registered office: 3 Oakwood Gardens, Consett, DH8 0BX, United Kingdom

Email: office@global-dec.com

 

As website owners, we act as the Data Controller of visitors’ personal data collected via the site. Wix provides the website infrastructure and typically acts as a data processor on our behalf for site-visitor data.  

 

2. Legal framework we follow

 

We operate under the UK GDPR and the Data Protection Act 2018.  

Because we may serve individuals located in the EU/EEA, we also align our practices with the EU GDPR principles where relevant to cross-border activities.

 

3. What data do we collect

 

We may collect and process the following categories of personal data:

 

3.1 Data you provide directly

• Identity and contact details (name, email, phone/WhatsApp, address if needed)

• Booking and service data (programme selected, preferences, communications, invoices/receipts details)

• Traveller information for delivery of travel ground arrangements (e.g., passport details/copy where required, nationality, date of birth, emergency contact)

• Payment-related metadata (transaction references, status confirmations — we do not store full card details)

 

3.2 Data collected automatically on the website

• Device and usage data (IP address, browser type, device identifiers, referral pages, pages viewed, timestamps)

• Cookies and similar technologies (see Section 12)

 

3.3 Special category data (only where necessary)

 

If you voluntarily provide health/dietary/accessibility information relevant to travel or safety (e.g., allergies, mobility needs), we treat it as special category data and apply additional safeguards. We only request/retain this where necessary for the service, and we limit sharing to what is strictly required (e.g., to a hotel for dietary requirements).  

 

4. Why we use your data (purposes)

 

We use personal data to:

1. Respond to enquiries and provide the information requested

2. Provide services and administer bookings, including confirmations, documents, and customer support

3. Coordinate travel ground arrangements with third-party suppliers (hotels, transport, guides, venues) where applicable

4. Process payments and manage accounting, audit, fraud prevention, and legal compliance

5. Improve our website, user experience, and service quality (analytics, performance monitoring)

6. Send service messages (e.g., operational updates, required documentation, schedule changes)

7. Send marketing communications only where permitted by law and your preferences (see Section 11)

 

5. Lawful bases for processing (UK GDPR)

 

Depending on context, we process data under one or more of the following lawful bases:

• Contract: processing necessary to perform a contract or take steps at your request before entering into a contract (e.g., booking administration).  

• Legal obligation: compliance with tax/accounting and other legal duties.  

• Legitimate interests: to run and secure our business and website (e.g., preventing fraud, improving services), balancing your rights and freedoms.  

• Consent: where required (e.g., certain cookies/marketing, or special category data where applicable). You can withdraw consent at any time (see Sections 10 and 12).  

 

6. Who we share data with

 

We share personal data only as necessary and proportionate, including with:

 

6.1 Website and hosting provider

• Wix (website hosting, forms, site operations). Wix generally processes site-visitor data on our behalf under its Data Processing Agreement.  

 

6.2 Payment and finance providers

• Payment providers you choose at checkout (e.g., PayPal/Stripe or other enabled providers), plus our banking partners for bank transfers. These providers process payment data as independent controllers for their own compliance purposes.

 

6.3 Travel suppliers (for travel programmes/ground arrangements)

• Hotels/accommodation providers, transport operators, guides, venues, and other suppliers are strictly to deliver the ground services you purchased. Shared data is limited to what is necessary for performance (e.g., names, passport details where required for check-in, rooming lists, dietary needs where essential).  

 

6.4 Professional advisers and compliance

• Accountants, auditors, legal advisers, insurers (if needed for claims/defence), and regulators or law enforcement, where required by law.

 

We do not sell personal data.

 

7. International transfers (UK and EU/EEA)

 

Because online services and suppliers can involve cross-border processing, your data may be transferred and stored outside the UK and/or EEA.

 

Where UK personal data is transferred internationally, we use recognised safeguards such as:

• the ICO International Data Transfer Agreement (IDTA) or

• the UK Addendum to the EU Standard Contractual Clauses (where appropriate).  

 

Where EU/EEA personal data is transferred outside the EEA, we rely on safeguards such as the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) or other lawful mechanisms.  

 

UK–EEA adequacy: the European Commission has renewed the UK adequacy decisions allowing data to flow from the EEA to the UK under adequacy conditions (subject to review).  

 

8. Data retention

 

We keep personal data only for as long as needed for the purposes described above, including:

• Contract administration and service delivery

• Legal and accounting retention requirements

• Handling complaints, disputes, and claims

 

Typical retention periods may vary by category. For example, transactional/accounting records are retained in line with legal obligations; travel booking records may be retained for a period consistent with limitation periods for contractual claims. Where possible, we anonymise or securely delete data once it is no longer required.

 

9. Security measures

 

We use reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction, including access controls, restricted permissions, and secure storage practices. However, no system can be guaranteed 100% safe; you should also protect your devices and email accounts.

 

10. Your rights

 

Under UK GDPR (and similarly under EU GDPR), you may have rights including:

• Right to be informed

• Right of access

• Right to rectification

• Right to erasure (in certain circumstances)

• Right to restrict processing

• Right to data portability (where applicable)•    Right to object (in certain circumstances)

• Rights related to automated decision-making/profiling (where applicable)

 

ICO guidance on individual rights is available, and you may exercise your rights by contacting office@global-dec.com. We may request identity verification before responding.  

 

11. Marketing communications

 

We may send marketing messages only where permitted by law (for example, where you have opted in, or where a limited “soft opt-in” applies and you can easily opt out). Every marketing message will include an unsubscribe/opt-out method. Service and operational emails (e.g., booking confirmations, document requests) are not marketing and cannot be opted out of while a booking is in progress.

 

12. Cookies and analytics

 

We use cookies and similar technologies to operate the website, improve performance, and understand usage. You will be shown a cookie banner to manage your preferences (where required). Wix provides tools to support GDPR compliance (including cookie notices/banners), and as the site owner, we are responsible for informing visitors about cookie use.  

 

If you use third-party analytics (e.g., Google Analytics) or marketing pixels, these may set cookies or collect device/usage data. Your cookie preferences may limit or disable non-essential cookies.

 

13. Children’s data

 

Our services are generally intended for adults. Where services involve minors (e.g., travel/study-related arrangements), a parent/guardian or authorised adult must provide the data and confirm they have authority to do so. We do not knowingly collect data from children via the website without appropriate authority.

 

14. Third-party links

 

The website may include links to third-party sites. We are not responsible for third-party privacy practices. Please review their policies.

 

15. Complaints

 

If you have questions or complaints, contact us at office@global-dec.com first, and we will aim to resolve the issue promptly.

 

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO).  

If you are located in the EU/EEA, you may also contact your local supervisory authority.

 

16. Updates to this Policy

 

We may update this Policy to reflect legal, technical or operational changes. The latest version will always be published on this page with the “Last updated” date.

bottom of page