SECURITY, PRIVACY & COOKIE  POLICY

When you buy a tour from Radical Travel Group Limited over the World Wide Web your web browser connects to our site through SSL (Secure Sockets Layer). SSL is an industry standard protocol for secure encryption over the internet. When information is encrypted it is scrambled between your computer and our secure servers. The information can only be unscrambled when it safely reaches our end. It's fast and safe and it ensures your personal information cannot be read by anyone else.

We use Verisign to identify ourselves. If you click on the Verisign logo it will open up a window telling you how to further investigate this site's authenticity. The URL (e.g.www.haggisadventures.com) will be different depending on which company you are booking a tour with. For example if you book a Shamrocker tour, the URL will say www.shamrockertours.com, and similarily if you book under Radical Travel the URL will contain www.radicaltravel.com. The second system, the Which? Web Trader Scheme, is there to give you extra confidence in our policies should anything go wrong with your internet transaction. If you would like to know more about the Which? Web Trader Scheme try their website www.which.net/webtrader

Our booking process can be split into four separate stages. Each stage is identified by the information it is gathering. SSL encryption requires extra processing power to secure the data transferred between machines. In some cases the extra overhead can be too much for slower internet connections. To make the booking process as easy and reliable as possible, SSL is only used when sensitive data is transferred e.g. credit card details.

1.21 Stage 1 - Tour Information
Stage 1 allows you to select where, when and how many of you are going on the tour. You are also given the chance to read and agree to the terms and Conditions. No sensitive information is passed between your computer and our system at this point so no SSL encryption is used.

1.22 Stage 2 - Confirmation of Tour Details
Stage 2 confirms the tour you have chosen, the cost per person, the start and return dates, the number of passengers, and the total cost. You are given the option to add more tours or continue when you have checked the details are correct. As in Stage 1 no sensitive data is passed between our computers so no SSL encryption is used.

1.23 Stage 3 - Passenger details
Stage 3 allows you to enter the personal details of each passenger travelling on the tour(s). Some details are required to process your order, while others are optional. You are also given the chance to select the passengers going on each of the tours, if you selected more than one. The total amount to be paid will be displayed before the booking process goes on to accept your credit/debit card details and sets up a SSL connection between your computer and our secure servers.

1.24 Stage 4 - Payment Details
The SSL connection is established and you are asked to key in your credit/debit card details. If you booked several people onto the system you will be asked to either select who is paying for the whole group or enter multiple card details until the whole group is accounted for. All this is done under SSL encryption. Once everybody has paid a booking summary screen will appear giving you full details of the booking and a booking reference number. The booking is now complete. To make sure nobody else can go back to the information you entered on your browser you must close the browser window.

If our system cannot process your booking due to inaccurate information (e.g. you typed your credit card details incorrectly when making the booking) a member of our sales team will contact you by email and try to remedy the situation.

Once you have booked a confirmation email will be sent to the email address supplied in stage 3. A second email will be sent, when your credit/debit card has been charged successfully, confirming full payment has been made.

Last updated: 19 December 2024

This privacy notice explains how HAGGiS Adventures uses and protects personal information related to our customers, website users, and others who interact with us. We are committed to protecting your personal data, and it is important that you read this privacy notice along with any other privacy notices we may provide when collecting or processing personal data, so you fully understand how and why we use your data. This notice supplements other privacy notices and does not override them. 

HAGGiS Adventures (referred to as “we,” “us,” or “our” in this notice) values your privacy and strives to provide a secure, trustworthy experience across all interactions, whether you’re making a purchase, managing an account, or using our website. 

We respect your right to privacy and aim to ensure you have a positive experience with us, whether visiting our website, making bookings, or interacting with our brand. We know your personal data is important to you, and we want you to feel confident in our data protection practices, which reflect our commitment to handling your information with care. 

We collect personal data in various ways, including but not limited to: 

• Direct Interactions: You may share personal information with us when you fill out forms, contact us by mail, phone, or email, or leave feedback about us on TripAdvisor or other platforms. This includes comments or photos posted on our social media platforms, as well as content where you have tagged us. 

• Automated Technologies: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns. This data is collected using cookies, server logs, and other similar technologies. 

• Third Parties: We may receive personal data about you from various third parties and public sources. 

• Identity Data: Includes first name, last name, username or similar identifier, title, date of birth, and gender. 

• Contact Data: Includes billing address, delivery address, email address, and telephone numbers. 

• Financial Data: Includes bank account and payment card details. 

• Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us. 

• Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. 

• Profile Data: Includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses. 

• Usage Data: Includes information about how you use our website, products, and services. 

• Marketing and Communications Data: Includes your preferences in receiving marketing from us and your communication preferences. 

• Call Recordings: Includes recordings of calls made to our reservation centres. 

We process your personal data under the following legal bases: 

• Consent: You have given clear consent for us to process your personal data for a specific purpose. 

• Contract: Processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract. 

• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject. 

• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your rights and interests do not override those interests. 

We process personal data for the following activities, along with their respective legal bases:  

You may receive marketing communications from us if you have requested information or purchased goods/services from us, unless you have opted out. By opting in to receive marketing communications, you may also receive materials from our affiliated brands or partners offering related products, as well as through completed request-a-quote (RAQ) forms or brochure requests. 

We may also receive your contact information from third-party lists, where you have provided consent to share your data with us for marketing purposes. This allows us to share information and offers related to our services with you. 

If you prefer not to receive marketing from us or our affiliated brands, you can opt out at any time by unsubscribing through any marketing email sent to you or by contacting us. 

For direct mail, you can unsubscribe by completing a specific form, Data Request Form | The Travel Corporation or by emailing us at compliance@ttc.com. 

If you are associated with a business or organisation that is our customer, we may collect personal data, including: 

• Business Details: Name, address, contact information, payment details, and financial information of the business. 

• Role Within the Business: Your position (e.g., owner, partner, director, employee, agent). 

• Work Contact Details: Work address, telephone numbers, fax number, and work email. 

Purpose: This data is collected to fulfill contractual obligations and manage our business relationships effectively. 

Legal Bases: The processing is necessary for the performance of a contract and is based on our legitimate interests in managing customer relationships and providing services.

We and our suppliers or subcontractors may generate personal data about you in the following ways: 

• Enquiries, Bookings, Complaints: Data generated when handling enquiries, bookings, or complaints. 

• Fulfillment of Contracts: Data generated during the fulfillment of bookings or contractual agreements. 

• Analysis of Personal Data: Insights gained through data analysis to improve services and customer experience. 

• Website Usage: Data collected from your use of our website, as detailed in our cookie policy. 

• Telephone Calls: Recordings of telephone calls for training and quality purposes. 

Purpose: This data is used for operational purposes such as improving customer service, service delivery, and business analytics. 

Legal Bases: The processing is based on legitimate interests to maintain and improve our services, fulfill contractual obligations, and comply with legal requirements. 

We collect information regarding your accounts, registrations, and participation in loyalty programs. 

Purpose: This data is used to manage your account, facilitate registrations and memberships, and administer loyalty programs. 

Legal Bases: Processing is necessary for the performance of a contract and is based on our legitimate interests in providing personalised services and improving customer loyalty. 

We process messages and communications related to bookings, enquiries, or contracts between you, us, and third parties. 

Purpose: Correspondence data is essential for confirming bookings, responding to inquiries, resolving issues, and fulfilling contractual obligations. 

Legal Bases: Processing is necessary for the performance of a contract and is based on our legitimate interests in providing efficient customer service and managing relationships. 

We collect personal data from your use of our website, including: 

• Data Collection: Information about your visits and interactions, including IP address, device details, browser type, operating system, and time-zone. 

• Cookies and Web Beacons: Data collected through cookies and web beacons to enhance user experience and analyse website performance. 

• Page Interactions: Data about the pages visited, services/products viewed, duration of interaction, etc. 

Purpose: This data helps us improve website functionality, personalise user experience, and optimise marketing efforts. 

Legal Bases: Processing is based on legitimate interests to understand user preferences, improve performance, and deliver relevant content and advertising. 

We may process content you provide related to your experiences with us, including: 

• Feedback, Blogs, Reviews, and Images: Content submitted to our platforms. 

• Marketing Use: Use of such content in marketing materials, on our website, in emails, or shared with trade partners. 

Purpose: User-generated content enhances marketing, promotes engagement, and provides authentic testimonials. 

Legal Bases: Processing is based on consent when you submit content and is necessary for our legitimate interests in promoting services and engaging with our audience. 

We may obtain personal data about you from third parties, including: 

• Providers of Holidays, Accommodation, and Travel Services: Data obtained to fulfill bookings and provide comprehensive travel services. 

• Credit, Fraud, and Identity Verification Agencies: Data obtained for identity verification, fraud prevention, and secure transactions. 

• Businesses You Are Associated With: Data to enhance customer service and manage business relationships. 

• Purchased Third-Party Lists: We may also receive personal data from third-party providers, including purchased marketing lists, where you have opted in to allow your information to be shared for marketing purposes. 

• Social Media Platforms: We may collect personal data through interactions on social media platforms (e.g., Facebook, Instagram), including engagement with our advertisements and campaigns. 

We may share your personal data with other affiliated brands under The Travel Corporation (TTC) if you have explicitly opted in, requested a quote (RAQ), or requested a brochure from those brands. Your data will only be shared under these specific circumstances, and we do not sell or share your personal information for any other purposes. 

Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and we use them to improve your customer experience. Please see our Cookie Notice. 

We (and any affiliate of the Travel Corporation Group, subcontractor, or other entity processing your personal data on our behalf) may transfer, store, and process your personal data within the European Economic Area ("EEA") and the United Kingdom. We may also transfer your personal data outside the EEA and the United Kingdom only to companies within our group or to parties with whom we have a contract based on the Standard Contractual Clauses issued by the European Commission. We ensure that your personal data is protected by requiring all our group companies and contracted parties to adhere to the same data protection standards. This ensures that adequate safeguards are in place for such transfers outside the EEA and the United Kingdom. 

Insert brand name complies with the Data Privacy Framework, which ensures the protection and proper management of personal data. We adhere to the principles of transparency, accountability, and user control over personal data. 

HAGGiS Adventures name complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  HAGGiS Adventures has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  HAGGiS Adventures has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.  

In compliance with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, HAGGiS Adventures is committed to cooperating with and complying with the advice of the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) to address unresolved complaints regarding our handling of personal data received under these frameworks. 

Under certain conditions, individuals may invoke binding arbitration to resolve complaints that are not addressed through other DPF mechanisms. For more details, please refer to Annex I of the DPF Principles. 

As part of our participation in these frameworks, our organisation is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may also disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

We comply with the DPF Principles regarding the onward transfer of personal information to third parties. If we transfer personal information to a third party acting as a controller, we will ensure this is done in accordance with the Notice and Choice Principles. For transfers to third parties acting as agents on our behalf, we remain liable under the DPF Principles if the agent processes personal information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event leading to the damage. 

If you have questions or complaints regarding our compliance with the DPF Principles, individuals should first contact our Compliance Team at: compliance@ttc.com.  

Our website is not meant for children, as defined by data protection laws, and we cannot always know the age of those using it. If a child has shared personal information without permission from a parent or guardian, the parent or guardian should contact us. If we find out that a child’s personal information was collected without proper consent, we will delete the child’s account, if they have one. 

In some cases, we may need to collect children’s personal information, such as for bookings, buying travel-related services, or other special situations (like family-focused features). When we handle children’s information, we follow strict rules to ensure it is used lawfully, only when necessary, and kept secure. 

If you have questions about how we protect children’s personal information, or if you are a parent or guardian who wants to delete or update your child’s information, please contact us at compliance@ttc.com. 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. Specific retention periods for different aspects of your personal data are available upon request. 

You have rights under data protection laws regarding your personal data, including the right to: 

• Access your personal data. 

• Correct your personal data. 

• Erase your personal data. 

• Object to processing of your personal data. 

• Restrict processing of your personal data. 

• Transfer your personal data. 

• Withdraw consent. 

To exercise any of these rights, please use our dedicated online Data Request Form at Data Request Form | The Travel Corporation (ttc.com), or email your request to compliance@ttc.com.  

The laws we comply with are regulated by the Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, or call 03031231113 and online at https://ico.org.uk/make-a-complaint/  and for other member states, the independent supervisory authority responsible for monitoring the application of the regulation. In addition to your rights above, it is open to you, if you have a complaint or a concern, to seek assistance from this supervisory authority who has powers to compel us to comply with applicable laws and fine us for non-compliance.  However, before you do so, we would hope that you will contact us first to discuss any complaint or concerns you have. 

We prioritise your data security with strict measures to prevent unauthorised access, loss, or disclosure: 

• Physical Security: Secure premises and controlled access to storage areas. 

• Encryption and Network Security: Data encryption, firewalls, and advanced security protocols. 

• Access Control: Restricted data access with strong authentication. 

• Data Minimisation: Collect and retain only necessary data. 

• Audits and Monitoring: Regular checks for vulnerabilities and compliance. 

• Staff Training: Ongoing education on data protection practices. 

• Incident Response: Rapid action plan for data breaches. 

• Third-party Compliance: Ensured through contracts. 

• Privacy by Design: Privacy integrated into our systems from the start. 

• Continuous Improvement: Regular updates to security measures. 

These measures ensure your personal data is safe and handled responsibly at all times. 

We keep our privacy notice under regular review. Any changes we make to our privacy notice will be posted on this page and, where appropriate, notified to you by email. 

The data controller responsible for the processing of your personal data is HAGGiS Adventures, located at Travel House, Rue du Manoir, St Peter Port, Guernsey, Channel Islands, GY1 2JH. You can contact us at email at compliance@ttc.com,  by phone at 0800 533 5619, or by post at Travel House, Rue du Manoir, St Peter Port, Guernsey, Channel Islands, GY1 2JH for any privacy-related queries. 

If your data is shared with affiliated brands under TTC, those brands will process your data in accordance with their own privacy notices, and personal data will only be shared under the circumstances outlined in this notice. 

For further details on how we and our affiliated brands handle your data, please refer to the individual privacy notices of each brand. 

This Cookie Policy (“Policy”) describes Radical Travel Group Limited’s collection, use, and retention of the cookies present on the website.

Cookies are simple text files that help coordinate Radical Travel Group Limited’s website servers and your browser to display the full range of features offered by us. These features include hassle-free automatic logins and authentication, shopping cart functionality, third party ad serving, ad management, preference setting, and language setting, among others.

We require your consent to process cookies, unless you provide us with your personal information, for instance for registration, placing an order, or complete online forms. In this case, we may collect, store and use your personal information in accordance to our Privacy Policy https://www.haggisadventures.com/essential-info/privacy-security-policy. We encourage you to read this document.

This is the privacy policy of Radical Travel Group Limited (referred to as "we", "us" or "our").  We are incorporated under the laws of Scotland. Our incorporation number is SC192271 and our incorporation address or registered office is 2nd Floor, Atholl Exchange, 6 Canning Street, Edinburgh, EH3 8EG, Scotland.

Also known as the 'Cookie Directive', the instrument that defines the requirements for consent for cookies across the EU is Directive 2009/136/EC of the European Parliament and of the Council, an excerpt of which is reproduced below:

“Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information”.

The UK introduced the amendments on 25 May 2011 through The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. The relevant section is below:

“6. - (1) Subject to paragraph (4), a person shall not store or gain information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment -

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.

(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.

(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.”

In summary, to comply with the law, we need to give clear information about what the cookies are used for, why, and obtain consent from you, the user. These are the objectives this Policy is set out to achieve.

Cookies can be categorised in many ways, one is with regards to their longevity, i.e. for how long they are stored in your browser. According to this classification, cookies can either be:

• Session cookies: temporary cookies that identify and track users within our website. These are automatically deleted by your browser when you close your browser or end the session; and
• Persistent cookies: cookies which enable our website to ‘remember’ who you are and your preferences within our website. These cookies are stored in your browser (the specific location depends on the browser and version) for a period of time.

We assess the cookies present in our website periodically, to ensure they are aligned with the requirements of current legislation. For instance, we remove persistent cookies set to hold data for an excessive period of time, which do not meet the principle of storage limitation, as per Article 5.1.e of the General Data Protection Regulation (GDPR).

We may change this Cookie Policy at any time and from time to time without notice to you, including by publishing a new version on our website. When we will make any change, we will notify you on our website of such change. You can check the top of the document to see the latest version in force. Any change will be prospective only, and we will not make any changes that have retroactive effect unless legally required to do so.

As cookies are stored in the web browser used to access the website, users need to change the settings pertaining that browser in particular. Below are some of most popular browsers and corresponding links to the vendors’ guidance on disabling cookies:

• Internet Explorer:

https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

https://support.microsoft.com/en-gb/help/278835/how-to-delete-cookie-files-in-internet-explorer

• Firefox:

https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature

• Chrome:

https://support.google.com/chrome/answer/95647?hl=en-GB

• Safari:

https://support.apple.com/kb/PH5042?locale=en_GB

• Opera:

https://www.opera.com/help/tutorials/security/privacy/

In addition, Google Analytics gives you the option to install an opt-out browser add-on for Internet Explorer 11, Firefox, Chrome, Safari, and Opera:

https://tools.google.com/dlpage/gaoptout

Please note that disabling or rejecting the use of cookies on our website may result in some pages becoming inaccessible or not functioning properly.

Several websites explain how cookies work, offering more detail, such as www.aboutcookies.org, and www.allaboutcookies.org. (we have no affiliation with these websites).

If you have any questions about our Cookie Policy or about how we process your personal data, including any complaints, please contact us either by e-mail to info@radicaltravel.com, telephone on +44 131 557 9775, or by post to Radical Travel Group, 60 High Street, Edinburgh EH1 1TB, Scotland.