Data Protection Privacy Policy

What is the purpose of this privacy policy
This privacy policy is to tell you what personal data we collect from you and why and what we will do
with this data. It also tells you about some of the key rights which you have under data protection
laws. You and your personal data is protected by the UK General Data Protection Regulation (which
is otherwise known as UK GDPR) and the UK Data Protection Act 2018. In this privacy policy, we refer
to this legislation as data protection laws.
We will only process your personal data as set out in our privacy policy or otherwise notified to or
agreed by you or as we are otherwise permitted to do in accordance with data protection laws.
When we refer to “you” in this privacy policy, we mean the lead passenger, anyone else we
communicate with in respect of an enquiry, quote or booking (for example, the person by or through
whom payment is made if not the lead passenger), all persons who travel or are intended to travel
on holiday and the parent/guardians of any minors who travel or who are intended to travel.
What is our role in relation to your personal data?

For the purposes of data protection laws, we, Capital Holidays (International) Sole Proprietorship
L.L.C a company registered in Abu Dhabi with commercial license number 2243312 trading as Etihad
Holidays, are a data controller in respect of the personal data you provide us with.
What is my personal data and what do you mean by process?
When we refer to personal data, we mean any information which relates to an identified or
identifiable individual.
Where we refer to process or processing, we mean anything which we may do with your personal
data including collecting, storing, using, disclosing to third parties and erasing it.
What personal data will we collect from you and why?
In order to respond to an enquiry, provide a quote, administer and fulfil your booking or send you
any promotional material including our newsletter, we need to process personal data we obtain
from you.

Where you wish to make a booking, the personal data we need to collect and process at various
stages is likely to include;
• name of the lead passenger
• contact details for the lead passenger including their e-mail and postal addresses and
telephone number(s)
• if different to the lead passenger, the point of contact for financial arrangements / payments
including their e-mail and postal addresses and telephone number(s)
• names and dates of birth of all persons travelling
• special dietary information
• information in respect of any medical condition, disability or reduced mobility which may
affect anyone travelling – this comes within special categories of personal data (see below)
• passport information

For an enquiry, the personal data we will need to process is likely to include the name and contact
details of the person making the enquiry.
For a booking or booking enquiry, we will process your personal data (other than any data which
comes within special categories of personal data - see below) on the basis that this is necessary for
the performance of your contract with us or to enable us to take steps at your request prior to your entering into a contract with us. We may also need to do so to comply with a legal obligation to
which we are subject or in order to protect your vital interests (for example, in an emergency

If you wish to receive any promotional material from us such as our newsletter, enter a competition or take part in a survey, we will need your name and the contact details applicable to the form of communication you have consented to. For example, if you wish to receive information by e-mail,

we will need your e-mail address.
We do not use any personal information for marketing purposes other than the names and
applicable contact details of the person who has consented to receive such material.

Personal data which concerns your health or which reveals your racial or ethnic origin or your sexual
orientation are special categories of personal data. Other information also comes within special
categories but this is unlikely to be relevant to the booking and provision of travel arrangements.
Generally speaking, the processing of special categories of personal data requires the explicit
consent of the person concerned.

Accordingly, information concerning any disability, medical condition, restricted mobility or other
health related issue (and related requirements) as well as dietary restrictions which disclose your
religious beliefs or any health issue are special categories of personal data. We will ask for your
consent to our processing this information at the time you make your booking or your booking
enquiry or whenever you otherwise provide or indicate that you intend to provide such information.

This consent should be provided to us by the party leader on behalf of the person concerned who
must authorise the party leader to do so.
In the case of special categories of personal data which relates to children and young people under
the age of 18 when the consent is required, consent will need to be provided by the party leader on behalf of the individual’s parent or legal guardian who must authorise the party leader to do so
Who may we provide your personal data to?

Where you make a booking, appropriate personal data will be passed on to the relevant suppliers of
your chosen travel arrangements. If you ask us to book any additional services we will have to pass
on your details to the supplier of those services. Suppliers and other third parties are likely to include the following depending on the travel arrangements booked:-

• hotels and other accommodation providers
• airlines and other transport providers
• cruise lines
• event organisers

When you make a booking, you will be prompted to give credit/ debit card or other payment details
to a third party payment processor. Whilst it may feel like we are collecting this information, it is
actually being collected by the payment processor directly in order to take authorised payments.
The information may also be provided to government / public authorities such as customs or
immigration if required by them, or as required by law.

We may also make personal data available to other companies who provide services on our behalf,
such as direct marketing, administration, customer care, website hosting and the reorganisation/structuring/sale of our business.
We only provide third parties with the personal data they require in order to deliver their services.
Other than in relation to government / public authorities (over whom we have no control), we will take appropriate steps which are intended to ensure that anyone to whom we pass your personal data for any reason agrees to keep it secure, only uses it for the purposes of providing their services and does not collect any personal data from you in the course performing their services.

In the event of our insolvency we, or any appointed insolvency practitioner, may disclose your
personal information to the CAA, and or ABTA, so that they can assess the status of your booking
and advise you on the appropriate course of action under any scheme of financial protection. The
CAA’s General Privacy Notice is at
Third parties who might collect your personal data
On our website we use Google Analytics, Google Web Fonts, Google Maps and Recaptcha all of
which are services provided by Google Inc Ireland Limited, Gordon House, Barrow Street, Dubin 4,
Ireland. These services provided by Google allow us to provide you with a better experience when
using our website and in some cases provide us with data about your visit. See our Cookies Policy
for more information about the information captured and why.

Google’s privacy policy appears here:

Social Media
We have Facebook, Instagram and LinkedIn social media pages. Each of these social media networks
have elements that are integrated into our website which in basic terms will allow these pages to
recognise that you have visited our website.

Facebook and Instagram are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square,
Dublin 2, Ireland.

LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Where you view or interact with our Facebook and Instagram social media pages Meta will process
your personal data in line with their own privacy policy which appears here
Where you view or interact with us via LinkedIn, they will process your personal data in line with
their own privacy policy which appears here:

We use Intuit (Mailchimp) from Intuit Inc., 2700 Coast Ave, Mountain View, CA 94043, USA to send our newsletter. This enables us to contact subscribers directly. In addition, we analyse your usage behaviour in order to optimise our offering. We only pass on your name and email address to Intuit.
Intuit will process your personal data in line with their own privacy policy which appears here:
Where will we process your personal data?

Your personal data may be processed within the UK and/or any country(ies) of the European
Economic Area (EEA). EEA countries are all member states of the European Union together with Norway, Iceland and Liechtenstein.

We also process personal data outside UK or the EEA. Data protection laws may not be as strong
outside the UK and EEA as they are in the UK and EEA. Personal data will not be transferred to a
country outside the UK or the EEA unless (1) the country to which it is transferred is one which the
UK government considers to provide an adequate level of data protection or (2) the personal data is
transferred to a company which is required by our contract with them only to deal with the data in
accordance with our instructions and to maintain appropriate security to protect the personal data
which we are satisfied they have or (3) we are obliged to provide the personal data to a government
/ public authority in order to provide your booking.
How do we protect your personal data?
We take appropriate technical and organisational measures to protect against unauthorised or
unlawful processing of personal data and against accidental loss or destruction of, or damage to,
personal data, which is appropriate to the harm that might result from the unauthorised or unlawful
processing or accidental loss, destruction or damage and the nature of the data to be protected,
having regard to the state of technological development and the cost of implementing any
Can we use your personal data to send you information about other travel services in the future?
We will only retain and use your personal data for marketing purposes where you have specifically
consented to our doing so or, in relation to e-mail marketing, where we comply with the Privacy and
Electronic Communications Regulations 2003 (PECR). PECR permits us to send you e-mail marketing where you have previously provided us with your e-mail address in the course of entering into a contract with us for travel arrangements or negotiations for such arrangements and we wish to email you marketing material about our similar services or products. You will of course be given the opportunity to opt out of receiving such e-mail marketing communications when you first provide us with your e-mail address and whenever we send you any e-mail marketing.
You may provide your consent to receiving marketing material from us either on-line or by
telephone. You may also choose in what ways you are happy to receive communications from us.
You may, for example, be happy to receive information and offers by post and e-mail but not by telephone.
Can you withdraw your consent to our processing your personal data?
Yes, you can withdraw your consent to receiving marketing material or other communications from
us at any time, either generally or in any particular way, by e-mailing us at Alternatively you can telephone us.
How can you find out what information we are holding about you?
You are entitled to ask us (by letter or e-mail) what personal data of yours is being held or processed, for what purpose and to whom it may be or has been disclosed. No fee will be charged for responding to this request unless it is obviously unfounded or excessive or we have previously
provided the same information. We promise to respond to your request without delay and in any
event within 1 month unless the request is complex or you have made numerous requests in which case we may be able to extend our response time by a further 2 months.
What should you do if the personal data we are holding is inaccurate, out of date or incomplete?
If you believe this is the case, please tell us by e-mail as soon as possible. We will rectify the problem
within 1 month or within 3 months if the rectification request is complex.
How long can we retain and process your personal data?
We will not process your personal data in a form which enables you to be personally identified for
any longer than is necessary in order to fulfil the purpose for which it was originally collected or for
any other legitimate business purpose.

Where your personal data has been provided for the purpose of the booked travel arrangements or
other services you have contracted, we are entitled to retain this data for a reasonable period after
those arrangements have been completed. In certain limited circumstances, we may be able to
retain it for a longer period.

If you have consented to receiving marketing communications from us, we may continue to use your personal data for this purpose until you withdraw your consent or otherwise for as long as we reasonably consider your consent remains valid and effective.
Can you ask us to delete your personal data?
Yes, you can ask us to erase your personal data in certain circumstances, for example where you
have withdrawn your consent to further marketing material where the data in question has only
been processed for this purpose. However, this is not always the case. Please see the previous
paragraph for further information on the period of time we may retain personal data.
Can this privacy policy be changed?
Yes, from time to time we may need to make changes to this privacy policy. These may be required
as a result of changes in data protection laws or in the guidance issued by regulators such as the
Information Commissioner’s Office (which is usually referred to as the ICO) or where we make
changes to our procedures. The latest version of this privacy policy can be found on our website.
Does our website use cookies?

Yes, as is the common practice, our website uses cookies. A ‘cookie’ is a small data file which our website server stores on your computer in order to collect information about your visit and to remember you when you visit again at a later date. The main purpose of a cookie is to identify users and to personalise their visit by customising web pages for their use. We may also use third parties who will collect data which is not personally identifiable to analyse site visits and carry out other similar activities. In the course of doing so, they may place their own cookies on your computer so that they can collect information about your visit. You may if you wish disable or delete such cookies through your internet browser. However, doing so may mean you will be unable to access our website or parts of it, your experience of our website may be adversely affected and/or you may not receive information which is relevant to your personal interests. You can view our cookie policy here
What should I do if I have a complaint about the processing of my personal data?

If you have any complaint about the way in which your personal data has been dealt with, please let
us know by e-mail to We will investigate and respond to you as soon
as we reasonably can. If you remain dissatisfied, you may complain to the Information
Commissioner’s Office. For further details, see

What are our contact details?
You can contact us here:

Capital Holidays (International)
Sole Proprietorship L.L.C
Abu Dhabi National Exhibition Centre, Khaleej Al Arabi Street,
P.O. Box 5546, Abu Dhabi
Telephone: +44 20 457935 50