Privacy Policy – Version 1.3
Effective Date: 7 February 2025
Data Controller:
The Wanderlust Edit Ltd — registered in England & Wales (No. 16288214)
Registered Office: 124 City Road, London, EC1V 2NX, United Kingdom
Email: privacy@thewanderlustedit.co.uk Tel: +44 (0)207 434 7407
At The Wanderlust Edit, we treat every itinerary—and every item of personal data—with the utmost discretion and care. This Privacy Policy explains how we collect, use, share and safeguard your information when you visit thewanderlustedit.co.uk (“Site”) or use our travel-curation services (“Services”).
We comply with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and the Privacy & Electronic Communications Regulations (“PECR”). As an Independent Affiliate of Colletts Travel, part of Global Travel Collection, all bookings are subject to Colletts Travel’s terms and conditions, which can be accessed at: https://collettstravel.com/booking-terms-and-conditions/.
1. Glossary of Key Terms
| Term | Meaning |
|---|---|
| Personal Data | Information that identifies or can identify you. |
| Processing | Any action performed on Personal Data (collection, storage, transfer). |
| Data Subject | You—the individual who can be identified. |
| Data Controller | The Wanderlust Edit Ltd, which decides why and how personal data is processed. |
| Data Processor | Third parties who process data only on our instructions (e.g., booking systems). |
2. What We Collect
| Category | Examples | Source |
|---|---|---|
| Personal Identification Data | Name, address, email, phone, passport, travel preferences | Provided by you via forms, calls, email, WhatsApp |
| Transactional & Travel Data | Itineraries, loyalty numbers, payment data | Generated during planning and fulfilment |
| Technical & Usage Data | IP address, browser type, device ID, pages visited | Automatically via analytics and server logs |
| Marketing Preferences | Newsletter opt-in, RSVP history | Provided by you |
We also use cookies for functionality, analytics, and personalised marketing. See our Cookie Policy for full details.
3. How We Use Your Data and Legal Bases
| Purpose | Typical Data | Legal Basis (UK GDPR Art. 6) |
|---|---|---|
| Prepare quotes, reservations | Name, contact, passport, travel prefs | Contract |
| Payment & fraud prevention | Billing, ID | Legal obligation & legitimate interests |
| Travel alerts and disruption comms | Booking, contact | Legitimate interests |
| Curated marketing (email/WhatsApp) | Contact, preferences | Consent |
| Tailored travel perks | Dietary, accessibility, occasion | Explicit consent (Art. 9(2)(a)) |
| Website performance & analytics | IP, browser, time stamps | Legitimate interests |
4. Retention and Deletion Schedule
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| Booking files & invoices | 7 years | Secure purge and encrypted backup deletion |
| Passport & visa scans | 30 days post-travel | Secure deletion |
| Marketing contacts | Until unsubscribed or inactive for 3 years | Database anonymisation |
| Health/accessibility notes | Trip end + 6 months | Secure deletion |
5. Cookies and Similar Technologies
We use a GDPR-compliant cookie banner. Our cookies fall into:
- Strictly necessary (session, login, security)
- Analytics (e.g., Google Analytics 4 – anonymised)
- Functionality (language, currency settings)
- Advertising (e.g., Meta Pixel – activated only after consent)
You can update your preferences anytime via the Cookie Settings link in our footer.
6. International Transfers
Some data may be transferred outside the UK/EEA—for example, to global hotel chains, booking platforms, or cloud services. These transfers rely on:
- UK adequacy regulations
- Standard Contractual Clauses (2021/914/EU) with ICO Addendum
- Other lawful safeguards
7. Security Measures
- ISO 27001-certified UK/EU data centres
- AES-256 encryption at rest; TLS 1.3 in transit
- Multi-factor authentication for staff & suppliers
- Quarterly penetration testing
- Annual cyber-risk reviews
- Breach response protocol (ICO notification within 72 hours if needed)
8. Your Rights
You have the right to:
- Request access to your data
- Correct or update inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict or object to processing
- Receive data in portable format
- Withdraw marketing consent at any time
- Lodge a complaint with the ICO (ico.org.uk | 0303 123 1113)
To exercise any right, contact: privacy@thewanderlustedit.co.uk. We respond within one calendar month.
9. Children
Our services are not directed at anyone under 18. If data is collected in error, it will be deleted unless verified parental consent is obtained.
10. Third-Party Links & Social Media
Our Site may link to Instagram, LinkedIn, and trusted booking engines. We are not responsible for their privacy practices. Please review their policies before sharing data.
11. Automated Decision-Making
We do not use personal data for automated decisions or profiling that produce legal or significant effects.
12. Changes to This Policy
This policy is reviewed annually or when laws change. Updates will be published here and may be shared via email if changes materially affect your rights.
Last reviewed: 12 June 2025
13. Contact
Privacy Officer
The Wanderlust Edit Ltd
124 City Road, London, EC1V 2NX
📧 privacy@thewanderlustedit.co.uk
📞 +44 (0)207 434 7407
