Created by Amelia Kirin

The Cravings Cookbook combines stunning recipes with award-winning chefs and a diverse range of courses to suit all abilities.

Privacy Policy

1. INTRODUCTION

Your privacy is important to Nomad Elite Ltd. and its subsidiaries and affiliates (“Nomad”, “our”, “we,” or “us”). It is Nomad's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://nomadelites.com/ and other sites we own and operate.

 
This Privacy Policy (“Policy”) describe Our data protection practices vis-à-vis how We collect, use, process, disclose and transfer the Personal Data, through the websites of the individuals who browse, or access or provide information in connection with our services (“Services”) (hereinafter, collectively referred to as “You”, “Your”). We are committed to respecting Your online privacy and ensuring that the Personal Data is processed for Our legal purposes and in a transparent manner, as set out herein. We seek to ensure that the Policy is in compliance with European Union’s General Data Protection Regulation (GDPR) and all applicable laws and regulations. Whether these and/or other data protection laws apply depends on their scope in each individual case.

 
In this policy, we inform you how and why we collect, process, and use personal data. This information is particularly intended for:

 
• users of our websites and apps;
• individuals who use or may be interested in our services;
• contacts at our business customers and partners;
• individuals who contact us;
• recipients of our newsletters, personalized offers, other marketing communication and activities;
• participants in research campaigns, customer panels, customer satisfaction and opinion surveys;
• participants in events;
• visitors of our company locations.

If you provide us data about other persons (e.g. family members or friends for joint bookings), we assume that you are authorized to do so and that the data is correct. Please ensure that affected persons have been informed about this Privacy Policy.

2. Data Controller
Unless communicated otherwise, the controller of the data processing described in this policy is:

ZB616072


Our EU-Representative pursuant to article 27 GDPR is:


Company's Registered Address:

7 Bell Yard,  London, WC2A 2JR

Company's email address:

info@nomadelites.com

_________________

3. Contact
To exercise your data protection rights described in section 13, please use our data subjects’ rights contact form.

If you have general questions or concerns regarding this policy, you can contact our Data Protection Officer and team at the following address: 7 Bell Yard, London, WC2A 2JR, UK

Please note that inquiries not related to data protection such as requests or feedback on individual bookings or services will not be answered nor forwarded by our data protection team.

4. Sources of personal data

You often disclose personal data to us yourself, for instance when you send us data or communicate with us. The provision of personal data is voluntary in most cases, which means that you are not generally obliged to disclose your personal data to us.

However, we do have to collect and process the personal data that is required for processing contractual relationships and fulfilling associated obligations or that are prescribed by law as we would otherwise be unable to conclude or continue the contract in question.

We may also collect personal data about you ourselves or automatically to provide you our Services. This may be technical data about your device, data about the transaction or your behavior. For example, we can analyze the data collected during the booking process and, on this basis, make assumptions about your personal interests, preferences, affinities, and habits. This enables us, for instance, to tailor our offers and information to your individual needs and interests (see also section 11) .

We may also receive information about you from third parties with which we cooperate, persons who communicate with us, or public sources.

For example, we may receive information about you from the following third parties:
_________
5. Main purposes and legal bases for processing
We process personal data for the following purposes:
• Information and marketing (section 5.1);
• Market research and product development (section 5.2);
• Compliance with laws and regulations (section 5.3);
• Security (section 5.4);
• Protection of rights (section 5.5);
• Specific use cases (as described in section 6).

5.1. Information and marketing

We process personal data for relationship management and marketing purposes, for example in order to send you newsletters and offers to carry out marketing campaigns. Messages and offers may be personalized. We may use technologies that allow us to determine if the recipients have opened the message or interacted with promotional materials in another way.

If we ask you for consent, for example when you subscribe to a newsletter, our basis for this processing is your consent (article 6(1)(a) GDPR). If we process personal data for information and marketing activities without asking for consent, we concluded on a case-by-case basis that our legitimate interest forms a sufficient basis for that processing (article 6(1)(f) GDPR). See section 13 for information about your right to withdraw your consent or to object to processing.

5.2. Market research and product development

We process personal data in order to improve our services, for example, when we analyse data on the usage of our services. The basis for this processing is our legitimate interest (article 6(1)(f) GDPR).

You may register for our customer panel to receive the opportunity to let us know your opinion on specific subjects related to our products and services. Members of the customer panel are invited at regular intervals, via e-mail, to take part in market research projects, such as brief online surveys, focus groups, product tests and in-depth interviews, for example. The information provided by a member such as address, age, gender, nationality, professional background and travel behaviour and habits is used to identify suitable surveys for the member. The information received in the course of a market research project is analysed in anonymized form. Our basis for the processing related to the customer panel and other surveys is your consent (article 6(1)(a) GDPR).

5.3. Compliance with laws and regulations

We process personal data in order to comply with legal obligations and to prevent and detect infringements. Our obligations may derive from the laws and regulations of EU, as well as self-regulations, industry and other standards, our own corporate governance, or official directives.

For the carriage of passengers specifically, we may be legally required to collect and disclose defined personal data to authorities in the countries on the itinerary. This may include the following personal data:

• Advanced Passenger Information (“API data”): Basic information about passengers that is required by specific government authorities for entering and leaving the country. It includes the name, date of birth, sex, nationality, travel document data and e-mail address of passengers. API data also includes other data, such as flight information (e.g. flight number and arrival and departure times);
• Passenger Name Record (“PNR data”): Information and data required for carriage (e.g. booking code, name, e-mail address, flight information, payment information and details of travelling companions), plus any additional data in connection with carriage, in particular information sent by you (e.g. frequent flyer information or special requests) or third parties (e.g. travel agencies);
• Health data such as a specific immunization status;
• Child travel permit, if a child is travelling alone or with one parent only.
This information is required for legal, security, regulatory and administrative reasons, which may include the following purposes:
• Border control;
• Immigration formalities;
• To combat organized and international crime, terrorism, and other serious crimes;
• For public health purposes; e.g. orders by an authority for combating an epidemic or pandemic;
• Other lawful purposes subject to applicable law.

Usually, such data is required by the authorities of the country of departure and/or arrival and therefore must be disclosed to authorities involved, such as criminal prosecutors, judicial, health or other administrative authorities. For example, the U.S. border authorities (U.S. Customs and Border Protection) receive API and PNR data when you book a flight between Switzerland and the USA. The U.S. authorities have given the same guarantees with regard to the use of data to the European Union; they will only use the information for combating terrorism and other serious, cross-border criminal offences.

Nomad is also obliged to disclose your personal data and under circumstances to foreign criminal prosecution, judicial or administrative authorities if they require the disclosure in order to prevent or prosecute crimes, misdemeanours or administrative misconduct or for administrative duties.

Data transfers to authorities are based on our legitimate interest in complying with EU laws and in supporting the above-mentioned purposes (article 6(1)(c) and (f) GDPR). If the processing relates to special categories of personal data (such as health data) the legal basis is Art. 9 (2)(a),(g) or (i) and 10 GDPR.

5.4. Security

We process personal data for security purposes – for your and our security. Examples of processing for this purpose include:
• measures for IT security;
• physical access control;
• video surveillance and the evaluation of recordings at specific premises for the detection and prosecution of criminal acts;
• measures for the prevention of theft, fraud and misuse;
• analysis in order to detect suspicious behavior patterns and fraudulent activities;
• disclosure of data in connection with harm, injury and criminal acts to authorities and insurance companies.

5.5. Protection of rights

We want to be able to establish and enforce our claims and defend ourselves against the claims of others. Our claims may include claims of employees, companies affiliated with us and our business partners. We therefore also process personal data for the protection of rights, for instance in order to enforce claims judicially, before or out of court, and before authorities worldwide, or to defend ourselves against claims.

The legal basis for this data processing is our legitimate interests in protecting our rights (article 6(1)(f) GDPR).

6. Specific use cases, their purposes, legal bases, and further details

6.1. Website access

We collect information that your browser automatically transmits to us in "server log files" when visiting our websites. These may include the following data:
• Internet Protocol address (IP address) of the user’s device;
• Internet service provider;
• operating system, browser type and browser version used;
• date and time of the server request;
• requested website;
• referrer URL (the website previously visited).
The data automatically collected as described above is processed for the purposes of proper functioning of our websites, e.g. for establishing a connection, ensuring stability and uninterrupted system security, to improve our services, and for statistical purposes.
The legal basis for the data processing is our legitimate interest in said purposes (article 6(1)(f) GDPR).
On our websites, we also process personal data with so-called cookies and similar technologies for additional purposes such as analytics and marketing. For more information, please see our Cookie Policy.

6.2. Payments on invoice and instalments

In order to use the any online payment option, we may process your personal data (e.g. first name and surname, address, date of birth, e-mail address and mobile telephone number, as well as information on the outstanding amount, the currency used and the booking data). If there is any suspicion of fraud, we will verify the assessment and the underlying evidence. You will be informed if your application has been declined.

The purpose of this processing is to provide the payment service, for identity and creditworthiness checks (this may also include obtaining references from other third parties, such as credit agencies) and for risk management (including fraud and abuse prevention and also with the involvement of further third-party companies). Please note that if you use this service, the service provider processes your personal data as independent controller according to its own policy.

The processing by us or third parties necessary to fulfil a contract with you (e.g. terms and conditions you accepted) is based on article 6(1)(b) GDPR. Any other processing for the purposes mentioned above is based on our legitimate interests (article 6(1)(f) GDPR).

6.3. Anti-fraud measures

We may verify payment transactions in order to prevent fraud and other improper usage. To this end, we use both internal and external sources of information. For this purpose, we also use distinct, identifiable technical features. If fraudulent activity is suspected and/or detected, we may share the relevant information (including personal data) with any other third-party who may also verify the data on our behalf.

The basis for this data processing is our legitimate interest in anti-fraud measures (article 6(1)(f) GDPR).

7. Legal bases according to the GDPR

Depending on the applicable law, data processing is only permitted if the applicable law specifically allows it. If not indicated for the respective purpose above, the processing of your personal data is based on one of the following legal bases:
• your consent, when we requested it, for example for newsletters, marketing cookies etc. (article 6(1)(a) GDPR);
• fulfilment of a contract with you or for pre-contractual measures, for example in the context of a booking with us or with one of our partners (Art. 6(1)(b) GDPR);
• compliance with a legal obligation, for example, our obligation as air carrier to communicate API data to the competent authorities based on EU Directive 2004/82/EU (Art. 6(1)(c) GDPR);
• legitimate interests including our own interests and third-party interests, for example in enhancing customer satisfaction, in advertising and marketing activities, in safeguarding and organizing business operations, including the development of websites, apps and other systems, in protecting passengers, customers, employees, and other individuals, as well as data, secrets, in risk management, in selling and purchasing companies, parts of companies, or other assets, in the enforcement or defence of legal rights and claims and in complying with any foreign law as well as internal rules and regulations (Art. 6(1)(f) GDPR).

8. Data disclosures

We may disclose your personal data to other companies if we make use of their services. These service providers generally process personal data on our behalf as so-called “processors”. Our processors are obliged to only process personal data in accordance with our instructions and to take suitable measures to ensure data security. Certain service providers are also joint controllersor independent controllers (e.g. service providers for “Payment on Invoice” as described in section 6.2).
Examples include services in the following areas:
• travel technology;
• advertising and marketing services, for example for the delivery of messages and information;
• corporate management services, for example accounting or asset management;
• payment services;
• IT services, for example in the areas of data storage (hosting), cloud services, the delivery of e-mail newsletters, and data analysis and refinement;
• advisory services, for example the services of tax advisers, lawyers, management consultants.
• In individual cases, we may disclose personal data to other third parties for their own purposes, for example if you have granted your consent or we are legally obliged or authorized to share such information. In such cases, the data recipient is legally responsible as independent controller of the data and usually provides its own policy.

Examples of such cases include the following:
The processing of personal data in order to comply with a court or administrative order, or to enforce or defend legal rights or claims, or if we consider such processing to be necessary on any other legal grounds. We may also disclose your personal data to other parties involved in any proceedings.
The transfer of claims to other companies, such as collection agencies.
The review or execution of corporate transactions such as corporate acquisitions, sales, and mergers.
Please take note of our Cookie Policy concerning independent data collection by third-party providers whose tools we have integrated into our websites and apps.

9. Retention of personal data

We retain your personal data:
• for as long as it is required for the purpose of processing and compatible purposes, in the case of contracts normally for at least the duration of the contractual relationship;
• for as long as it is subject to a statutory retention requirement. For example, a ten-year retention period applies to certain data;
• for as long as we have a legitimate interest in storing it. This may be the case, in particular, if we need personal data to enforce or defend claims, for archiving purposes, and to ensure IT security.
Specific examples for retention periods based on our legitimate interest are the following:
• we generally retain contractual data for ten years after contractual expiry as claims may arise during this time (statute of limitation).
• other retention periods mentioned in other policy.

10. Profiling, artificial intelligence and automated decision-making with legal effect
«Profiling» refers to a procedure during which personal data is processed on an automated basis in order to analyze personal aspects or make predictions, e.g. the analysis of personal interests, preferences, affinities, and habits or the prediction of likely behavior. Profiling is a common procedure across industries. Profiling supports us in specific purposes and has the respective legal basis as mentioned in section 5 and 6 above. For example, profiling helps us to
• improve our offers on a continuous basis and tailor them to individual needs;
• present our contents and offers to you in accordance with your needs;
• show you advertisements and offers that are likely to be relevant for you;
• support you better with our customer service;
• conduct credit assessment.

There is not yet an internationally recognized definition for “Artificial Intelligence” (AI). As with all new technologies, Nomad commits itself to use such technologies in a responsible way. We do not make any decision about you which is based solely on automated processing and which has legal effect on you or significantly affects you in a similar way, unless we inform you about it separately. You would then have the option of having the decision reviewed by a human being.

11. Data Security

We take appropriate technical and organizational security measures in order to safeguard your personal data, protect you against unauthorized or unlawful processing activities, and to address the risk of loss, unintentional changes, inadvertent disclosure, or unauthorized access. However, like all companies, we cannot completely rule out data security infringements; certain residual risks are unavoidable.

Security measures of a technical nature include the encryption and pseudonymisation of data, record keeping, access restrictions, and the storage of data backups. Security measures of an organizational nature include training of our employees, confidentiality agreements, and audits. We also undertake due-diligence of our processors to ensure that they take appropriate technical and organizational security measures.

12. Your rights regarding your personal data

You have the right to object to data processing particularly if we process your personal data on the basis of a legitimate interest and the other applicable requirements are met. You can also object to data processing in connection with direct advertising (e.g. advertising e-mails) at any time. This also applies to profiling, to the extent it is related to direct advertising.

Provided the applicable conditions are met and there are no applicable statutory exceptions, you also have the following rights:

• the right to request information about your personal data stored by us;
• the right to have inaccurate or incomplete personal data corrected;
• the right to request the deletion or anonymization of your personal data;
• the right to request that the processing of your personal data be restricted;
• the right to receive certain personal data in a structured, commonly used and machine-readable format;
• the right to revoke consent with effect for the future, insofar as processing is based on consent.
Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about the identity or if this is necessary to protect other persons, to safeguard interests worthy of protection or to comply with legal obligations. If exercising certain rights will incur costs on you, we will notify you thereof in advance.
In general, exercising these rights requires that you prove your identity (with a copy of your passport or ID where your identity is not evident otherwise or can not be verified in another way).
You can exercise these rights:
• by unsubscribing from newsletters and other advertising e-mails, typically at the end of the e-mail.
• via our data subjects’ rights contact form. Please note that it may take up to 30 days until you receive our first response.
• While we hope we can address any concerns you may have related to our data processing, you are free to lodge a complaint with a competent supervisory authority.

Inquiries not related to data protection such as requests or feedback on individual bookings or services will not be answered nor forwarded by our data protection team.

13. Changes to our Policy

This Policy may be changed from time to time and without prior notice or announcement. The current version published on our website shall apply.

Copyright 2023 © Nomad Elite. All Rights Reserved