Last updated on 22 Feb 2024
This Privacy Policy outlines how Wintergreen Advisors Limited, doing business as Trotter, uses and protects your personal data. Our policy is structured in a layered format, allowing you to navigate to specific sections for detailed information. It applies to you when you use our services, access our website or mobile app, create an account with us, contact us by any medium, or otherwise provide personal data to us.
Importantly, when you book third-party services through us, with Trotter acting as an intermediary, we will need to share some of your personal data with the providers of such third-party services. Such providers will have their own privacy practices and Trotter is not responsible for these. It is up to you to familiarise yourself with the relevant privacy notices of any third-party service providers.
Trotter’s services, provided by Wintergreen Advisors Limited, are not intended for children, and we do not knowingly collect data relating to children. You are not permitted to use our services if you are under 18 years of age or residing outside of the UK.
Controller
Wintergreen Advisors Limited is the controller and responsible for your personal data, referred to as “Trotter,” “we,” “us,” or “our” in this privacy policy.
If you have any questions, including any requests to exercise your legal rights, please contact us using the details provided in the contact information section.
Personal data, for Trotter’s operations, encompasses a variety of information from which an individual can be identified. We categorise the personal data we handle as follows:
Identity Data: This includes first name, last name, any previous names, username or similar identifier, and passport or visa information for travel documentation.
Contact Data: Comprises billing address, email address, and telephone numbers necessary for booking and customer service.
Financial Data: Covers payment card details required for processing transactions which we may need to provide to third-party providers of any third-party services we arrange for you.
Transaction Data: Details about bookings and services you have arranged through us.
Technical Data: Information like IP address, login data, and device information for accessing our platform.
Profile Data: Your usage preferences, feedback, and responses to surveys related to our services.
Usage Data: How you interact with our services and website.
Marketing and Communications Data: Your preferences regarding receiving marketing from us.
Additionally, we may sometimes use aggregated data, such as statistical or demographic insights, which does not identify you directly but helps us enhance our service offerings.
We collect your personal data through the following methods:
Direct interactions: You may provide us with your data by:
Booking third-party services through us.
Creating an account on our platform.
Subscribing to any newsletters we publish or using our services.
Requesting marketing materials to be sent to you.
Participating in a competition, promotion, or survey.
Contacting us with feedback or queries.
Automated technologies or interactions: As you use our service, we automatically collect Technical Data about your browsing activities and patterns through cookies and other similar technologies.
Third parties or publicly available sources: We may receive personal data about you from:
Third-party service providers involved in facilitating the travel services you have booked through us.
Financial and transaction data from payment processing services to complete your bookings.
Legal Basis for Processing
We process your personal data under the following legal bases:
Performance of a Contract: Necessary for the services you’ve engaged us to provide, such as booking travel services on your behalf.
Legitimate Interests: For operating our business, enhancing our services, and securing our platform, always ensuring your rights are not overridden.
Legal Obligation: Complying with legal requirements affecting our services.
Consent: Specifically for sending newsletters or marketing communications you’ve agreed to receive.
Purposes for Processing Your Personal Data
We use your personal data for various purposes, aligned with the legal bases mentioned:
To register and manage your account, and provide you with services under the performance of a contract.
To help facilitate third-party services for you on your behalf, including sharing financial data with third-party service providers for them to take payments directly from you, based on our contract and legitimate interests.
To manage our relationship with you, notify you of changes to our terms or privacy policy, and address your service inquiries, under both contract performance and legal obligations.
For marketing, we use data analytics to improve our service offerings and customer experience based on legitimate interests. Consent is obtained where required for direct marketing.
To ensure the security and operational integrity of our platform, based on legitimate interests and legal obligations.
Data Retention
We retain personal data only as long as necessary for the purposes it was collected or for as long as necessary to comply with our legal obligations.
Direct Marketing
You have control over whether you receive marketing communications from us and can opt out at any time through the links provided in our communications.
Cookies
Trotter uses essential cookies to ensure the efficient operation of our website and enhance your user experience. These cookies are necessary for technical reasons, such as keeping track of your current session and enabling secure transactions. We also include optional cookies for analytics and personalised content. We recommend staying informed by reviewing our privacy notice for any updates on our use of cookies.
We may share your personal data with the following categories of third parties for the purposes outlined in our data processing activities:
Internal Third Parties: Related entities within the Wintergreen Advisors Limited corporate family who support our service delivery.
External Third Parties (our suppliers): These include but are not limited to our suppliers for analytics and service improvement, and legal and regulatory bodies as required.
Third-Party Service Providers (as defined in our Legal Terms): Partners with whom we facilitate third-party services as an intermediary.
Business Transfers: In the event of a business sale, merger, or acquisition, new owners may use your data under this privacy policy’s terms.
We mandate all third parties to respect your data’s security and comply with the law.
In providing our services to you, or facilitating third-party services between you and third-party service providers, Trotter may need to transfer your personal data to countries outside the UK, potentially where data protection laws differ from those in the UK. To ensure your data is protected:
Where necessary (i.e., where such transfer is to a country not recognised by the UK as having adequate data protection laws), we use standard contractual clauses and transfer agreements approved by the UK
Alternative safeguards may include bespoke contracts approved by regulatory bodies or adherence to approved codes of conduct.
For specifics on these mechanisms or to request a copy, please contact us directly.
Trotter has implemented robust security measures to protect your personal data against unauthorised access, disclosure, alteration, or loss. Except where it needs to be shared with a third-party service provider to facilitate their offer of a requested third-party service to you, access to your personal data is strictly limited to those within our organisation who need to access it, all acting under our direction and bound by confidentiality obligations.
Trotter retains your personal data only as long as necessary for the purposes it was collected, including legal, regulatory, or tax requirements. We consider the data’s nature, sensitivity, and the risk of harm from unauthorised disclosure to determine retention periods. Legally, we must keep customer information for six years post their customer status for tax purposes. You may request data deletion under specific conditions. Additionally, we may anonymise data for indefinite processing and service improvement without further notice.
You have a number of rights under data protection laws in relation to your personal data.
You have the right to:
Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data (note this will rarely be the case but will always be the case in respect of direct marketing). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
If you want us to establish the data’s accuracy;
Where our use of the data is unlawful but you do not want us to erase it;
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of the rights set out above, please contact us (see Contact details in Paragraph 10).
For any questions regarding this privacy policy, the use of your personal data, or if you wish to exercise your privacy rights, please contact us through the following means:
Email address: support@jointrotter.com
Postal address: 1 Berkley Street, London W1J 8DJ, United Kingdom
Our team is ready to assist you with any inquiries or requests related to your personal data.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We keep our privacy policy under regular review.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
Our website and communications may direct you to third-party sites and services, which might collect data about you. Trotter does not control these third parties or their privacy practices, even when we facilitate your interaction with them. We advise you to review the privacy policies of any third-party services to understand how they handle your data.
