As previously mentioned, we do not sell, trade or rent your information, and will never disclose information about you (including information obtained from our dealings with you) to third parties, except:
a) where we have a legal interest in a company;
c) where third parties administer part or all the product or service. An example of this is where you book a travel product with us. Under CAA rules we have to place any funds paid to us into a trust administered by PT Trustees Limited, details of how they process your information can be found on their website: https://pttrustees.com/privacy-notice;
d) for underwriting, pricing, insurance rating analysis and testing purposes, and to maintain management information for business analysis;
e) for tailoring adverts you see when you are online. These might be on the Saga website, social media sites such as Facebook, search results, or other sites that sell advertising space;
f) for marketing purposes, where we have a legal basis for doing so;
g) where we have engaged a third party to carry out market research on our behalf and who may contact you for the purpose of obtaining feedback about the products and services that we offer;
h) where we have your consent to do so;
i) where you have a travel booking, in the event of our insolvency we, or any appointed insolvency practitioner, may disclose your personal information to the CAA, and/or ABTA so that they can assess the status of your booking and advise you on the appropriate course of action under any scheme of financial protection. The CAA’s General Privacy Notice is at https://www.caa.co.uk/Our-work/About-us/General-privacy-notice/ ABTA’s Privacy Notice is at https://www.abta.com/privacy-notice.
We may be obliged by law to pass on your information to the police or any other statutory or regulatory authority. In some cases, exemptions may apply under relevant data protection legislation, whereby we can legitimately release personal data e.g. to prevent or detect crime or in connection with legal proceedings.
After you purchase a product or service from us, we may enter into an arrangement for that service to be provided by a new third party. If this happens, the terms and conditions of your contract with us will provide that you consent to the transfer and processing of personal and/or special category personal data to the new provider, subject to the requirements of the GDPR and associated legislation.
If we provide information to a third party (either a provider of a product or service, or an external data processing agency such as a mailing house) or a company in which Saga has a legal interest, we will exercise the strictest contractual controls, requiring them and any of their agents and/or suppliers to:
- maintain the security and confidentiality of the information and restrict access to those of its own employees
- use the data for the agreed purpose only and prevent it being used for any other purpose by any other party
- refrain from communicating with you other than concerning the product in question
- return the data to us at the conclusion of any contract term and destroy or delete any copies made of all or any part of the information unless copies are needed to be kept to comply with regulations.
In addition, we will restrict the information disclosed to the absolute minimum necessary.
Information sent outside the EEA
We provide products and services including holidays outside the EEA (European Economic Area) and to some countries that are not whitelisted Countries. Therefore, if you travel on such holidays the information you provide may occasionally be transferred outside the EEA. From time to time Saga may use service providers and organisations outside the EEA for the purpose of processing services, system testing and maintenance.
It is worth noting, however, that some non-EEA countries do not afford the same level of data security as the UK. We will always use every reasonable effort to ensure sufficient protections are in place to safeguard your personal information.