Privacy Policy

1. Introduction

In accordance with the General Data Protection Regulation (GDPR) which came into force on 25th May 2018, we are obliged to explain how we store and handle types of personal data we may collect about you, and how we keep it safe. GDPR is an EU regulation on data protection and privacy for all individuals within the EU and EEA, including citizens from outside the area, but using services from within the EU or EEA. We will continue to abide by this, even if things change after Brexit on October 31st 2019.

By 'we' I mean me, Jill Pretorius trading as Windsor Day Tours as a sole trader, and who is the one who organises and carries out the tours, and is the creative  one.  But it also includes Kevin Pretorius who voluntarily built this website, and the booking & payment systems behind it and let's be frank, has the business nous, and is determined that I stay legal by having me write this privacy policy.

2. The Legal Framework the Website is Built On

The law on data protection lays out a variety of reasons a company or business may collect and process your personal data including:

2a Consent

When you contact us with an online enquiry form, you can give us an email address by which to contact you.

When you make an enquiry, you are not obliged to offer any personal data other than your email address, so that I can respond to your enquiry. By making a booking, you are consenting to me collecting some personal data information for the purposes set out in 2b and 2c.

I may occasionally have special offers or competitions either on this website or on my Windsor Day Tours Facebook Page which by entering means you consent to us having your name and address for purposes of contacting you if you win. We never share your address with third parties. Entering competitions means you agree to your name being published on my website and / or Facebook Page, but you can ask for it not to be published if you prefer.

I will ask for verbal consent to upload identifiable photos of you on to my Facebook Page. I will not upload said photos if you do not want me to. 

2b Contractual and Legal Obligations

There are times when we need your personal data to comply with our contractual obligations.

We ask for your name, age range, postal address, email and contact phone number when you book a tour with us. 

 The personal information you fill in on the booking form will be removed a few months after completion of business. We do not pass on personal information to 3rd parties (Unless legally obliged to by a court of law eg because of criminal activity or fraud).

We neither receive, nor have sight of, nor store, any of your financial and / or bank details as these elements are handled by an external agent (PayPal or iZettle)

It is possible YOU may ask to complete a financial transaction by bank transfer, in which case we request only the information necessary to complete that transaction, including IBAN and SWIFTBIC codes along with sort code and account number.

2c Legitimate Interest

 The data privacy law allows for legitimate interest in understanding our customers and providing the highest levels of service.

When you book with us, we ask how you heard about us. This helps us identify which marketing is most effective and / or where to focus our future marketing

3 What Other Personal Data Is Kept?

We store records of correspondence with you. This is removed within legal frameworks after completion of business

4 What is Your Personal Data Used For?

I offer a personalised business, and being able to communicate with you promptly, efficiently and courteously is all part of that. It enables me to respond to your queries, devise the best itinerary for your tour, process payments and refunds, and manage compliments and complaints. 

I find it useful to know where in the world my customer base is from - and also where not -  to help me think how I can improve and widen my service.

The main elements of what I use your personal data for are as follows: 

  • Name: So I can address by name, or you can indicate how you would prefer to be addressed as part of being polite and friendly
  • Age range: So that I can purchase the correct tickets (eg child, adult, student or concession) and also to fulfil legal requirements regarding provision of car seats for young children.
  • Postal address: For security purposes as part of a lone working policy, but more pragmatically so that I can return items that may have been left behind in my car. 
  • Email: Easiest way to discuss the tour with you, because of time differences and cost of phone calls
  • Contact phone number: In case I need to speak with you in an emergency on the day of the tour. Without this, on the rare occasion I may be delayed en route, I can let you know. Or if you are delayed in immigration, I can check on your progress.

This ability to offer you the best tour I can based on you / your group's interests, ages, and requirements is what drives me. But alongside that is the need to: be legally compliant, financially secure regards payments, minimise the risk of fraudulent or criminal use of my website, and to improve the service I offer where I can.

5. How We Protect Your Personal Data

We (ok, Kevin) built this new website and new booking system specifically to offer you a better viewing / customer experience combined with an increased level of data protection and security, and monitoring for potential cyber attacks.

Our website uses 'https' technology. This means that all communication between us, including booking and payments is encrypted using "SSL" (padlock) technology.

Booking and payment has an in-built 2-factor authentication process and also involves 'Captcha'  to reduce the likelihood of unauthorised access to your information via hacking or bots.

All data is stored in a secure data centre

6. Who Do We Share Your Personal Data With?

If the law requires us to, we may need to share the data we hold on you as part of fraud or criminal activity affecting our business.

Other than any legal requirements, we do not share your personal data with third parties. 

For secure data storage purposes, your data is shared with 123-reg, and stored in secure encrypted form in their data centre.

7. How Long Is Your Personal Data Kept For?

Your personal data is kept until after completion of business. Financial records are kept for 7 years and 1 month.

If you are a returning customer, we thank you very much. However you would need to complete a new booking form, as your previous personal data will not be stored such that I can retrieve it to issue a new quote.

8. Your Rights Concerning Personal Data We Hold

You have the right to request:

  • access to the personal data we hold about you, free of charge
  • the correction of your personal data if incorrect, incomplete or out of date
  • that we delete all of your information from our database upon completion of business, or if you decided to cancel a tour
  • removal of any identifiable photos, names or identifiable information on my website, or business Facebook page

To request any of the above, please email me on This email address is being protected from spambots. You need JavaScript enabled to view it. and I will respond within 2 working days, unless away on holiday, in which case I will respond as soon as I can.

If we decline to action your request, we will explain to you the reasons for our refusal. 

9. Contacting the Regulator

If you feel we have not handled your data correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal date, you have the right to lodge a complaint with the Information Commissioner's Office. Please note this applies to EU / EEA member states.

You can contact them by calling +44 (0)303 123 1113

Or go online to (opens in a new window. We can't be responsible for the content of external websites)

If you live outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence

10. TL; DR and Any Questions?

In summary:

This is an EU directive, but we are treating this the same for all our non-EU / EEA clients who after all comprise 95% or more of our work 

We are obliged to keep personal data about you only for contractual, legal and legitimate reasons, only for long as is needed (including legal purposes), and as securely as possible.

We need explicit consent to do so, and consent can be withdrawn at any point. We don't ask for more than we truly believe necessary for the purposes of fulfilling a personalised tour, and if you do ask for personal data to be removed, it could affect my ability to provide you with an excellent service.

Our website, booking and payment systems have been designed to hold your information securely and to reduce the risk of cyber-attacks. We do not 'see' any of your financial transactions as we use Paypal and iZettle for this.

We don't share your information with anyone else, unless required to do so by law.

You are welcome to share your photos and reviews on my website, or on my business Facebook Page. I won't share identifiable photos of you, or your name without your permission.


If you have any questions regarding the personal data privacy policy please do not hesitate to contact me on This email address is being protected from spambots. You need JavaScript enabled to view it.