1.1. We, D.M.A. Value Vacations Travel & Tours Inc. (we, us, our) take privacy, and the security of personal data, very seriously, and we are committed to ensuring that we safeguard your personal data at all times and in the best way possible.
1.2. This privacy notice contains important information for you. It explains:
1.2.1. who we are;
1.2.2. what personal information we collect about you;
1.2.3. how, when and why we collect, store, use and share your personal data;
1.2.4. how we keep your personal data secure;
1.2.5. how long we keep your personal data;
1.2.6. your rights in relation to your personal data; and
1.2.7. how to contact us, or the relevant supervisory authorities, should you have a complaint.
1.3. In order that we can provide travel services (including booking airline tickes, cruises, car rentals, and hotel accommodation) to you, we need to collect, use, and process or deal with, certain personal information about you. When we do so we are subject to the provisions of the Data Protection Act, 2019-29 of the laws of Barbados (DPA). We are responsible as what is described as a ‘controller’ of that personal information for the purposes of those laws. In other words, we are primarily responsible for that data, and are the ‘person who, alone or jointly or in common with others, determines the purposes for which, and the manner in which, any personal data is or should be processed’.
1.4. If you have any questions about the use to which we put your data, please email us at clientservices@dmavaluevacations.com, or write to Cara Nichols, Marketing Director at DMA Value Vacations Travel & Tours Inc. #23/24 Hastings Plaza, Christ Church, Barbados, BB15150.
1.5. This notice applies in all circumstances where we are acting as a data controller in relation to the personal data of our clients. That is to say, it applies where we have a supervisory role in relation to how personal data is collected, stored, used and shared.
1.6. We are committed to preserving the privacy of your data so that we can:
1.6.1. deliver services of a high quality to clients;
1.6.2. at all times comply with the law and the various regulations that we are subject to;
1.6.3. meet the expectations of clients, employees and third parties; and
1.6.4. protect our reputation.
1.7. In this notice, please note the use of the following terms:
| data subject | an individual who is the subject of personal data; |
| personal data | has the meaning given to it by the DPA and means any data which relates to an individual who can be identified from that data; or from that data together with other information which is in the possession of or is likely to come into the possession of the data controller; |
| processing | means any operation or actions performed on personal data; for example, collection, recording, organisation, structuring, storing, altering, deleting or otherwise using personal data; |
| we, us and our | refers to D.M.A. Value Vacations Travel & Tours Inc. and its directors; |
| you and your | refers to the person whose data is processed. |
2.1. We may collect, store, use and share personal data relating to you in the course of our provision of travel services, which include booking airline tickets, cruises, car rentals and hotel accommodation. The data we will need to collect from you in order for us to be able to provide you with our services may include the following:
2.1.1. Your name and contact details including address, telephone number, mobile telephone number, email address.
2.1.2. Information about your gender.
2.1.3. Where you are located.
2.1.4. Professional or trade-related information.
2.1.5. Information required by us in order to enable us to check and verify your identity. This may include national identification details, passport details, driving licence details, and date of birth.
2.1.6. Information as to the matter concerning the provision of our services or where we have been instructed, including frequent flyer numbers, health and dietary restrictions.
2.1.7. Information required by us in order to carry out a financial or credit check.
2.1.8. Financial details relating to you, including details of your bank account if money is, or is likely to need to be, sent to you, billing information and credit card details.
2.2. Note that failure to provide the personal data requested may prevent us from, or delay us in providing our services.
2.3. In most cases, we will collect data about you directly from you by letter, by email, using a secure portal on our website, by phone or at a meeting with you. However, we may also need to acquire information about you:
2.3.1. from third-party services such as screening suppliers, credit reference agencies, due diligence suppliers;
2.3.2. from third parties with whom you have a relationship, including banks, financial institutions, other professionals and advisers, employers, and professional bodies;
2.3.3. through information technology-related methods, including cookies on websites, access control systems, email, and instant messaging services;
2.4. Please note that it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
3.1. Data protection law requires that we only use your personal data for the purposes for which it was acquired, or where we have a proper reason for using it. Those reasons may include the following:
3.1.1. Where you have given consent to the use of your personal data for one or more specific purposes.
3.1.2. Where the use is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.
3.1.3. Where the use is necessary for compliance with a legal obligation that we are subject to.
3.1.4. Where the use is necessary in order to protect your vital interests or those of another person.
3.1.5. Where the use is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us.
3.1.6. Where the use is necessary for the purposes of our legitimate interests or those of a third party, except where those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you or the relevant person is a child.
3.2. The reasons set out above represent the general position as to the purposes for which data may be used. The specific position in relation to your personal data, however, is that we may use it for the following purposes:
3.2.1. To provide our services to you so that we can comply with our contract with you or take any steps that it is necessary for us to take before entering into a contract with you.
3.2.2. To prevent or detect fraud, either against you or against any other person involved in any matter in which you are involved. This will help to prevent any damage either to you, a third party, or to us.
3.2.3. To carry out identity checks, and to undertake information gathering and audits, as required by regulatory bodies to comply with any legal and/or regulatory obligations to which you or we are subject.
3.2.4. To undertake financial, embargo/sanction list and other security checks, and such other processing activities as are required for legal and regulatory compliance generally or specifically by your, or our, regulator(s).
3.2.5. To gather and provide any information required by, or relating to, audits, enquiries or investigations by your, or our, regulator(s).
3.2.6. To comply with our internal business policies, and for operational reasons such as security, confidentiality, competency and efficiency control, training and client care. This will help us to deliver the best services to you.
3.2.7. For audits and external quality reviews in relation to standards adopted by us (for example ISO standards, professional standards etc).
3.2.8. For statistical analysis to enable us better to manage our business; for example, in relation to our financial performance, customer base, and product service range.
3.2.9. For maintaining and updating records to ensure accuracy of processing.
3.2.10. To comply with legal and regulatory obligations to make information returns to regulators and legally-constituted bodies.
3.2.11. To ensure safe working practices, and for staff administration and assessment purposes.
3.2.12. For marketing our services and those of selected third parties if agreed to by you to existing and former clients and third parties.
3.2.13. For credit control and credit reference checks in relation to the services we perform.
3.3. We will only ever process ‘sensitive personal data’ with your consent. Pursuant to the DPA, sensitive personal data includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic and biometric data capable of identifying you, sex life or sexual orientation, financial record or position, criminal record, and criminal proceedings.
4.1. In addition to the general matters dealt with in clause 3.2 above, we may also need to send you updates concerning our services, and about relevant developments in relation to you, our services, or other related matters which might concern you or be of interest to you. This may be by post, telephone, email or text messages, and may include information about the services we offer, and information relating to changes in those services.
4.2. We regard ourselves as having a legitimate interest in processing your personal data for these purposes, and we take the view that we do not require your consent in order to do so. Where we believe that consent is required, we will contact you specifically for this, and will do so in a clear and transparent manner.
4.3. Where you have agreed to us doing so, we may also send you information about third-party services in which you have expressed an interest, or which are relevant to any services that we have supplied.
4.4. Be assured that we treat your personal data with the utmost respect and will never share it with others for marketing or promotional purposes. You have, at all times, the right to request that we do not contact you for any purpose other than providing our services. We may, however, require that you confirm your marketing preferences from time to time so that we can be sure that your views remain the same, especially in relation to issues such as legal and regulatory updates.
5.1. Notwithstanding the fact that we will not share your personal data for marketing purposes, it may be necessary for us to share your personal data with others in order to perform our services for you, to comply with our contractual obligations to you, to comply with our legal or regulatory obligations to you, or to comply with any contractual, legal or regulatory obligations that we are subject to. These may include:
5.1.1. professional advisers used in connection with our business (eg accountants, advisors, experts, lawyers);
5.1.2. third parties involved in the matter which we are dealing with, such as financial services providers, banks;
5.1.3. government and similar organisations;
5.1.4. others within our business;
5.1.5. credit reference agencies in connection with our services with you;
5.1.6. our bank, insurers and insurance brokers;
5.1.7. external auditors in relation to the audits and external quality reviews referred to above;
5.1.8. suppliers of services required in relation to our services; and
5.1.9. third-party vendors used in relation to accommodation, cars and tours.
5.2. When sharing your personal data, we will ensure at all times that those with whom it is shared process it in an appropriate manner, and take all necessary measures in order to protect it. We will only ever allow others to handle your personal data if we are satisfied that their measures to protect your personal data are satisfactory.
5.3. Please be aware that, from time to time, we may be required to disclose your personal data to, and exchange information about you or relating to you with, government, law enforcement and regulatory bodies and agencies in order to comply with our own legal and regulatory obligations.
5.4. During the course of, and sometimes following the conclusion of, our provision of services to you we may need to share your personal data with other third parties, for example those involved in a relevant or related transaction. We will only share that information which it is necessary and relevant to share.
5.5. From time to time, we may share data for statistical purposes (for example with our regulatory body). We will always take steps to try to ensure that information shared is anonymised, but where this is not possible, we will require that the recipient of the information keeps it confidential at all times.
6.1. Your personal data will be kept secure at all times.
6.2. Your personal data may be held at our offices, at third-party agencies and service providers, and by our representatives and those agents used by us.
6.3. We operate various security measures in order to prevent the loss of, or unauthorised access to, your personal data. We restrict access to your personal data to those with a genuine business need to access it, and we have procedures in place to deal with any suspected data security breach. We will notify you, and any applicable regulator, of a suspected data security breach where we are legally required to do so.
6.4. In addition, we take the following steps to protect your personal data: maintaing Payment Card Industry (PCI) compliance, application of firewalls, and credit card encryption.
6.5. Personal data that is processed by us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing.
6.6. Where your personal data is retained after we have finished providing our services to you, or where the contract with you has ended in any other way, then this will generally be for one of the following reasons:
6.6.1. so that we can respond to any questions, complaints or claims made by you or on your behalf;
6.6.2. so that we are able to demonstrate that your matter was dealt with adequately, and that you were treated fairly;
6.6.3. in order to comply with legal and regulatory requirements.
6.7. In general, we will only retain your data for so long as is necessary for the various objectives and purposes contained in this notice and in most cases for one (1) year. Please note, however, that different periods for keeping your personal data will apply depending upon the type of data being retained and the purpose of its retention.
6.8. We will retain your personal data as follows:
6.8.1. As part of profiles created within the Amadeus Global Distribution System. These profiles remain for as long as you remain an active customer, however, credit card information is not retained.
6.8.2. Contact details are retained so that we can inform you of updates concerning our services, and about relevant developments in relation to you, our services or other related matters which might concern you, or be of interest to you.
6.8.3. For such time as is necessary for compliance with a legal obligation that we are subject to, or in order to protect your vital interests, or the vital interests of another natural person.
7.1. In order for us to provide you with the services for which we have been instructed, it may be necessary for us to share your personal data with those who are outside Barbados where, for example, those persons are based outside Barbados, where electronic services and resources are based outside Barbados, or where there is an international element to the instructions we have received from you. These persons may include travel vendors such as Amadeus, cruise lines, hotels, car rental companies or tour companies. Where this is the case, special rules apply to the protection of your data.
7.2. We will always take steps to ensure that, wherever possible, the transfer complies with data protection law, and that your personal data will be secure.
7.3. In the instances provided in clause 7.1 we will either rely, as appropriate, on:
7.3.1. the basis that the transfer of the personal data is necessary
(a) for the performance of the contract between you and us; or
(b) for the conclusion of the performace of the contract entered into between us and a person other than yourself which (a) is entered at your request; or (b) is in your interest; or
7.3.2. your consent.
7.4. For further information please contact Cara Nichols (our Marketing Director).
8.1. Data protection legislation gives you, the data subject, various rights in relation to your personal data that we hold and process. These rights are exercisable without charge, and we are subject to specific time limits in terms of how quickly we must respond to you. Those rights are, in the main, set out in Section 10–23 of the DPA and similarly found in data protection legislation throughout the Caribbean. They are as follows:
8.1.1. Right of access— the right to obtain, from us, confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to that personal data and various other information, including the purpose for the processing, with whom the data is shared, how long the data will be retained, and the existence of various other rights (see below).
8.1.2. Right to rectification— the right, without undue delay, to have inaccurate personal data concerning you put right.
8.1.3. Right to erasure— sometimes referred to as the ‘right to be forgotten’, this is the right for you to request that, in certain circumstances, we delete data relating to you.
8.1.4. Right to restrict processing— the right to request that, in certain circumstances, we restrict the processing of your data.
8.1.5. Right to data portability— the right, in certain circumstances, to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format, and the right to have that personal data transmitted to another controller.
8.1.6. Right to object— the right, in certain circumstances, to object to personal data being processed by us where it is in relation to direct marketing, or in relation to processing supported by the argument of legitimate interest.
8.1.7. Right not to be subject to automated decision making— a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
8.2. Full details of these rights in Barbados can be found in the DPA or by reference to guidance produced by the Data Protection Commissioner of Barbados.
8.3. In the event that you wish to exercise any of these rights you may do so by:
8.3.1. Contacting us using any medium you wish, including in writing, by telephone, by text, electronically, or using such social media as we employ for communication purposes.
8.3.2. By completing a form which we can supply to you for this purpose.
8.3.3. Through a third party whom you have authorised for this purpose.
9.1. In order to ensure that data is kept secure, and to prevent there being any breach of confidentiality, we have put in place security measures which are intended to prevent your personal data from being accidentally lost or used or accessed unlawfully. Access to your personal data is restricted to those with a need to access it, and regard will be had to the need for confidentiality when that personal data is processed.
9.2. In the event that there is a personal data breach you and the Data Protection Commissioner will be notified where we are legally required to do so.
10.1. If you have any queries as to the acquisition, use, storage or disposal of your personal data, please contact us.
10.2. We can be contacted at D.M.A. Value Vacations Travel & Tours Inc. #23/24 Hastings Plaza, Christ Church, Barbados, BB15150; Email: clientservices@dmavaluevacations.com.
10.3. Notwithstanding our best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to the Data Protection Commissioner, who may be contacted in writing at Ministry of Industry, Innovation, Science & Technology, 5th Floor, SSA Building, Vaucluse, St. Thomas, Barbados; by telephone on (246) 536-1200 or (246) 536-1212;
10.4. This privacy notice was published on 7th March 2024 and last updated on 3rd September 2024.
10.5. The terms and provisions of this privacy notice may be changed, updated and amended from time to time.