Privacy Policy

This Privacy Notice explains how Rhythm & Routes collects, uses, stores and protects your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are
Rhythm & Routes
Email: hello@rhythmandroutes.com

2. What Data We Collect
We collect:
• contact details (name, email, address, phone number)
• passport details
• payment information
• medical or dietary information needed for travel
• preferences and booking history

3. How We Use Your Data
We use your personal data to:
• arrange and manage travel bookings
• send information about your trip
• process payments
• meet legal and regulatory requirements
• provide customer support

4. Legal Basis for Processing
We process your data because it is necessary for:
• performing a contract (your travel booking)
• complying with the law
• our legitimate interests in running our business

5. Sharing Your Data
We share your data only with:
• travel suppliers (airlines, hotels, tour operators)
• regulatory bodies if required by law
• payment processors
• IT and CRM providers supporting our operations

Data may be transferred outside the UK where required to fulfil your booking. Safeguards are applied where appropriate.

6. How Long We Keep Data
We retain data only as long as necessary for legal, financial and operational reasons.

7. Your Rights
You have rights to:
• access your data
• correct inaccurate data
• request deletion
• restrict or object to processing
• request data portability

You may exercise these rights by contacting us.

8. Security
We use technical and organisational measures to protect your data.

9. Complaints
If you are unhappy with how we handle your data, you may contact the Information Commissioner’s Office (ICO).

10. Contact Us
Email: hello@rhythmandroutes.com
Further details available on request.