Terms of Use and Privacy Statement

Effective date: May 19, 2018

Updated on: December 1, 2018

Holiday Swapping Limited (the “Company”) is committed to protecting and respecting your privacy. The Company operates the website and the Holiday Swap mobile application (collectively, the “Services”). The purpose of this statement summarizes how we will process, collect, use, disclose and protect personal information received about users, prospective users, website visitors, office visitors, agents, suppliers, consultants, business partners and other third-parties. This privacy notice also sets out individuals’ rights related to our processing of such personal information in respect to the EU General Data Protection Regulation 2016/679 (“GDPR”) as well as associated national laws. Reference in this notice to your “personal information” means any information that identifies, or could reasonably be used to identify, you, such as names and contact details. By using our Services, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this statement, terms used in this statement have the same meanings as in our Terms and Conditions.


All definitions in this statement are pursuant to the definitions of our general Terms and Conditions and the GDPR.

  1. Service: Service means the website and the Holiday Swap mobile application operated by Holiday Swapping Limited

  2. Personal Data: Personal Data means any information that identifies, or could reasonably be used to identify, you, such as names, usernames, and contact details.

  3. Usage Data: Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

  4. Cookies: Cookies are small pieces of data stored on your device (computer or mobile device).

  5. Data Controller: Data Controller means the natural or legal person who (either alone, jointly, or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Statement, we are the Data Controller of your Personal Data.

  6. Data Processors (or Service Providers): Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of third-party Service Providers in order to process your data more effectively.

  7. Data Subject (or User): Data Subject is any living individual who is using our Service and is the subject of Personal Data.
    Holiday Swapping Limited collects and processes personal information for the following lawful reasons:

To ensure that content from our Services is presented in the most effective manner for you and for your computer or mobile device;

To provide and maintain our Services, including monitoring the use of our Services and providing customer support;

To provide you with information, news, special offers, products or services, and general information that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;

To carry out our obligations arising from any contracts you entered into between us;

To allow you to participate in interactive features of our Services, when you choose to do so;

To notify you about changes to our Services;

To detect, prevent and address technical issues; and

Where it is necessary for our third-party’s legitimate interests, including for the purposes of preventing fraud, except where such interests are overridden by your interests or fundamental rights and freedoms.

Personal Information We Collect

While you need not provide us with any personal information, there are times when we may need information from you, such as your name and e-mail address, to correspond with you, or in the course of our business, including through the use of our Services, and for our work for users and prospective users. This information will only be provided with your direct consent.

We collect and use personal information received from, or on behalf of, users to facilitate the provision of our professional services including, but not limited to due diligence, conflict checks, and interfacing with government agencies on your behalf. Additionally, we collect relevant personal information for payments, billing instructions and preferences, monitoring our business, and compiling statistical data for internal analysis and research. During our work for clients and perspective clients, personal data is only used to provide our services and fulfil our obligations.

Automated information such as the internet protocol (IP) address used to connect your device to the internet, connection information such as browser type and version, information about your device including device-type and device identifier, operating system and platform, mobile network data, a unique reference number linked to the data you enter on our system, login details, clickstream data, details of your activity with date / time stamps including pages you visited and your searches / transactions. If you log in via Facebook: Information from your public Facebook profile including your name, profile photo and date of birth.

Who has Access to User Information?

We protect user information from disclosure in accordance with ethical obligations, security and privacy obligations, legal privileges and requirements. The information you submit to us is available only to employees who manage this information for the purposes of providing contracted services with you. We may disclose your personal information to third-party service providers in accordance with arrangements which maintain the confidentiality and security of your personal data; where we are required to do so by applicable law, regulation or court order; or to enforce or defend our rights and property.

Types of Personal Information We Collect

We collect several different types of information for various purposes to provide and improve our Services to you.

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). This information may include, but is not limited to:

Email address;

First name and last name;

Phone number;

Address, State, Province, ZIP/Postal code, City; and

Cookies and Usage Data.

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you, which you have expressly provided direct consent to. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Usage Data

We may also collect information that your browser sends whenever you visit our Services or when you access the Services by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Services by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Location Data

We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Services, to improve and customize our Services. You can enable or disable location services when you use our Services at any time, through your device settings.

Tracking, Cookies Data and Cookies Policy

We use cookies and similar tracking technologies to track the activity on our Services and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services. Examples of Cookies we use are as follows:

Session Cookies: We use Session Cookies to operate our Service.

Preference Cookies: We use Preference Cookies to remember your preferences and various settings.

Security Cookies: We use Security Cookies for security purposes.

Personal Information We Collect from Website Users

Holiday Swapping Limited sites include this website and any other sites owned or operated by the Company, such as blogs, webinars, extranets, social media sites, and our mobile application. When you link to other websites, Holiday Swapping Limited’s privacy practices no longer apply. Visitors should consult the other sites’ privacy statements and notices as we have no control over information that is submitted to, or collected by, these third-parties. We use the information collected from our website to provide services that users request, such as submitting contact information or subscribing to mailing lists.

Holiday Swapping Limited’s site administrator may access the website user information. The only personal information collected on the Website is when users visit the “Contact Us” page and provide their name and contact information. The information we collect is only retained for as long as it is needed or until you instruct us to delete such information or unsubscribe from our mailing list.

Marketing E-Mails and Mailing Lists

If you receive a marketing e-mail from Holiday Swapping Limited, your e-mail address is either listed with us as someone who has expressly shared that address for the purpose of receiving information in the future (you have “subscribed” to the communication), or you have an existing relationship with us. For mailing lists, we collect name and contact details and other business information, such as job title and the company you work for. We will not share, sell or rent your personal information without your affirmative permission or unless ordered by a court of law.

The information you submit to us is available only to administrative staff who manage this information for the purposes of sending you marketing e-mail communications and to contracted service providers for the purposes of providing services related to our communications with you. We use security measures to protect against the loss, misuse or alteration of your information. Please do not send confidential information to our marketing e-mails. To unsubscribe from our marketing emails, please contact info@holidayswap.com.

Legal Basis for Processing Personal Data Under the GDPR

If you are a subject of the United Kingdom (UK), European Union (EU), or European Economic Area (EEA) subject, Holiday Swapping Limited’s legal basis for collecting and using the personal information described in this Privacy Statement depends on the Personal Data we collect and the specific context in which we collect it.

Holiday Swapping Limited may process your Personal Data because:

We need to perform a contract with you;

You have given us express or implied permission to do so;

The processing is in our legitimate interests and it’s not overridden by your rights;

For payment processing purposes; and

To comply with the law.

How Long Do We Retain Client Information?

Holiday Swapping Limited retains user information for the necessary time to carry out the purpose for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Holiday Swapping Limited retains user information for seven years after the activity on the matter ends. Longer retention periods may apply for certain cases. In those instances, users will be notified. The scope of retained material includes information reasonably required to evidence the Company’s work on the matter.

Holiday Swapping Limited will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or if we are legally obligated to retain this data for longer time periods.

If you choose to give us personal information via the Internet, it is our intent to let you know how we will use such information. If you tell us that you do not wish to have this information used as a basis for further contact with you, we will respect your wishes and rights.

Obtaining Consent for Children’s Personal Information

Holiday Swapping Limited understands the importance of protecting children’s privacy, especially in an online environment. The Company’s Services covered by this statement are not intentionally designed for or directed at children under the age of 13 years. It is the Company’s policy never to knowingly collect or maintain personal information about children under the age of 13.

Job Applicants

We collect CVs, which may include the following:

Name, address and contact details, including email address and telephone number; and

Qualification details, skills, experience, and employment history.

We use this personal data in CVs to manage the recruitment process and assess a candidate’s suitability for employment. As part of the application review process, application data from the applicant’s CV may be viewed by the Chief Executive Officer and administrative staff. This information is not traded with external organizations and is not used for marketing purposes. This information is retained for as long as the Company deems relevant. On request, this information may be deleted.

How to Access Your Personal Information and Rights Granted under the GDPR

Holiday Swapping Limited is the controller of the personal information collected. We honour your rights to privacy and access of your personal information. Pursuant to the GDPR, UK, EU and EEA subjects have the following rights in relation to personal information we collect about you during the course of business:

Right to be Informed: Individuals have the right to be informed about the collection and use of the personal information collected by Holiday Swapping Limited. Our privacy statement sets out what purposes we use personal information for, our retention periods, and who the personal information is shared with.

Right of Access: Upon your request, we will provide access to all your personal information that we have collected.

Right to Rectification: You may request that Holiday Swapping Limited updates your personal information which is inaccurate, incomplete, or has recently changed.

Right to Erasure: Upon your request, we will erase your personal information from our systems.

Right to Restrict Processing: Upon written or verbal request, individuals may request to have personal information restricted, meaning that the data will be stored in our system, but not used.

Right to Data Portability: Upon your request, we will make a secure copy of your personal information for your own purposes.

Right to Object: Upon written or verbal request, UK, EU and EEA subjects have the right to object to the processing of their personal data.

For more details on your rights pursuant to the GDPR, please visit the United Kingdom’s Information Commissioner’s Office website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ or the European Union’s GDPR website: https://www.eugdpr.org/.

If you wish to exercise your rights, please e-mail us at info@holidayswap.com.

Please note that we may ask you to verify your identity before responding to such requests. You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.

Business Relationships, Third-Parties and Suppliers

The Company’s Services may contain links to other websites that are not controlled by Holiday Swapping Limited. When you link to other websites, Holiday Swapping Limited’s privacy practices no longer apply. Visitors should consult the other sites’ privacy notices as we have no control over information that is submitted to, or collected by, these third-parties.

Holiday Swapping Limited may work with vendors, consultants, contractors, engage legal counsel, or seek services from third-party providers to facilitate our services on behalf of our users. It is Holiday Swapping Limited’s policy to disclose information to third-parties under the following circumstances:

As required by applicable law, statute, rule, regulation or professional standard, or through subpoena, search warrant or other legal process;

For regulatory compliance purposes;

Or otherwise as set out in this statement.

We may collect names, contact information, financial data, billing and payment information, and other related information about our suppliers. We use supplier personal information for our Services and to manage supplier relationships. This information is stored for seven years from the time the relationship is terminated. Only employees at Holiday Swapping Limited have access to supplier information to use as needed to conduct necessary activities on behalf of the firm and our clients. We do not share supplier personal information or data with any third-parties.

Service Providers

We may employ third-party companies and individuals to facilitate our Services (“Service Providers”), to provide our Services on our behalf, to perform Service-related assistance, or to assist us in analysing how our Services are used. These third-parties have access to your Personal Data only to perform these tasks on our behalf and are obligated to follow the governing regulations of the GDPR, which means they may not disclose or use your Personal Data for any other purpose.


We may use the following third-party Service Providers to monitor and analyse the use of our Service.

Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/.

Facebook Analytics: Facebook Analytics is a Facebook based service that tracks how users interact with our Services, and social media pages including Facebook and Instagram. The data collected depends on the data provided on Facebook by users and shared with Facebook Analytics. For more information on the privacy practices of Facebook, please visit their Data Policy: https://www.facebook.com/privacy/explanation.

Firebase: Firebase is analytics service provided by Google Inc. You may opt-out of certain Firebase features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy: http://www.google.com/intl/en/policies/privacy. We also encourage you to review the Google’s policy for safeguarding your data: http://support.google.com/analytics/answer/6004245 . For more information on what type of information Firebase collects, please visit please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/.


We may provide paid products and/or services within the Company’s Services. In that case, we use third-party services for payment processing. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their privacy policies. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information, which is only used to facilitate and process the payment.

The payment processor we work with are:

Stripe: Their Privacy Policy can be viewed at: https://stripe.com/us/privacy.

Personal Information We Collect from Guests

Holiday Swapping Limited collects personal information from guests, such as names and contact information to provide access to our facilities and manage visits. This information is only accessible to our principals and staff, and the building’s security personnel. We do not share guest data with third-parties. For UK, EU and EEA subjects, we only use this personal information for as long as it is needed to facilitate the meeting or related activities. We do not use the personal information of UK, EU or EEA subjects for any other purpose unless they provide affirmative consent.

Confidentiality and Security of Your Personal Information

Holiday Swapping Limited takes reasonable and appropriate security precautions, physical, electronic and procedural safeguards consistent with industry practice to protect your personal information. We employ a team of IT professionals dedicated to information security. Our primary information systems meet the security standards of the GDPR to protect personally identifiable information from loss, misuse, alteration or destruction.

Protecting Personal Information and Data Globally

We have executed agreements with standard data protection clauses that require Holiday Swapping Limited and its vendors to protect personal information in accordance with standards imposed by the EU’s GDPR. Our primary servers for document management, web, vendor management and accounting are located in the United Kingdom.

Transfer of Data

If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to United Kingdom and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. Holiday Swapping Limited will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is one-hundred percent secure. While we strive to use commercially acceptable means pursuant to the GDPR to protect your Personal Data, we cannot guarantee its absolute security.

Disclosure of Data

Under certain circumstances, Holiday Swapping Limited may be required to disclose your Personal Data if required to do so by law, or in response to valid requests by public authorities.

Legal Requirements

Holiday Swapping Limited may disclose your Personal Data in the good faith belief that such action is necessary to:

To comply with a legal obligation;

To protect and defend the rights or property of Holiday Swapping Limited;

To prevent or investigate possible wrongdoing in connection with the Services;

To protect the personal safety of users of the Services or the public; and

To protect against legal liability.

“Do Not Track” Signals

We do not support Do Not Track (“DNT”). DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the Preferences or Settings page of your web browser.

Revisions to Our Policy

We reserve the right to revise our privacy policy or any part of it from time to time. If we make material changes, we will provide a notice on our Website and via e-mail. You may access the most current version of our privacy statement on this site.

Additional Information

If you are a subject of the UK, EU or EEA, you have a right to complain to the data protection authority in your country. If you wish to exercise your data privacy rights, make a complaint, or request more information, please contact us as explained below.

For more details on your rights pursuant to the GDPR, please visit the United Kingdom’s Information Commissioner’s Office website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ or the European Union’s GDPR website: https://www.eugdpr.org/.

If you wish to exercise your rights or have any additional questions, please e-mail us at info@holidayswap.com.