Privacy Policy

Privacy Policy — Off The Grid Travel

Privacy Policy

Off The Grid Travel Ltd  |  Last updated: May 2026

We believe in being straightforward. This page explains what personal information we collect when you enquire or book with us, why we need it, who we share it with and how long we keep it. It also explains your rights and how to exercise them. If anything is unclear, please get in touch and we will answer your questions directly.

Who We Are

Off The Grid Travel Ltd is a bespoke travel company based in London. We design and arrange personalised travel experiences across our three pillars: Roam, Restore and Renew.

For the purposes of UK data protection law, we are the data controller for the personal information you provide to us. This means we are responsible for deciding how and why it is used.

Off The Grid Travel Ltd
Suite RA01, 195-197 Wood Street
London, E17 3NU
Company No. 17151449
info@offthegridtravel.co.uk

What Information We Collect

When you make an enquiry

  • Your name and contact details (email address, phone number)
  • The destination, travel dates and type of experience you are looking for
  • Any preferences or requirements you share with us

When you make a booking

  • Full names of all travellers as they appear on their passports
  • Passport details (number, nationality, date of birth, expiry date)
  • Payment information, including billing details
  • Dietary requirements and food allergies
  • Health or medical information you choose to share with us that is relevant to your trip (for example, a condition that affects your accommodation requirements or activity choices)
  • Any other special requests relevant to your booking

When you use our website

  • Technical data such as your IP address, browser type and pages visited, collected via cookies and analytics tools including Google Analytics

We do not collect more information than we need, and we do not use your personal data for purposes that are incompatible with why it was originally collected.

Why We Collect It and Our Lawful Basis

Under UK GDPR, we are required to have a lawful basis for processing your personal data. Here is how that applies to the information we hold.

To arrange and fulfil your booking (contract performance)

We need your name, contact details, passport information and payment details in order to book your travel arrangements with our supplier partners and to deliver the services you have requested. Without this information, we cannot make your booking. Our lawful basis for this processing is performance of a contract (Article 6(1)(b), UK GDPR).

To meet our legal obligations (legal obligation)

We are required by law, including anti-money laundering regulations and financial record-keeping requirements, to retain certain information about transactions. Our lawful basis for this processing is compliance with a legal obligation (Article 6(1)(c), UK GDPR).

To operate our business and improve our service (legitimate interests)

We may use your contact information to respond to enquiries, follow up on outstanding bookings, and maintain records of our client relationships. Our lawful basis for this is our legitimate interests (Article 6(1)(f), UK GDPR) in running an effective and professional travel service. We have assessed that these interests are not overridden by your privacy rights.

Health and dietary information (explicit consent)

Information about your health, medical conditions, or health-related dietary requirements is classed as special category data under UK GDPR and requires a higher level of protection. We will only collect and use this information where you have given us your explicit consent (Article 9(2)(a), UK GDPR) and where it is strictly necessary to arrange your trip safely. You can withdraw this consent at any time by contacting us, though this may affect our ability to fulfil certain aspects of your booking.

Who We Share Your Information With

We share your personal data only with the parties who need it to deliver your trip. We do not sell your data to anyone.

Our supplier partners

To arrange your travel, we share the relevant personal details (names, passport information, dietary requirements and special requests) with the hotels, villa companies, activity providers and other suppliers who form part of your itinerary. These suppliers may be based outside the United Kingdom.

The Travel Trust Association (TTA)

As a TTA member, we may share booking and financial information with the TTA as required for client money protection purposes.

Payment processors

Your payment details are handled by our payment processing provider and are not stored directly on our systems beyond what is necessary to complete the transaction.

Technology and platform providers

We use Squarespace to host our website and may use tools such as Google Analytics to understand how our website is used. These providers act as data processors on our behalf and are contractually required to protect your data.

Legal and regulatory authorities

We may be required to disclose your information to regulatory bodies, law enforcement or other authorities where we are legally obliged to do so.

International Data Transfers

When your booking involves suppliers based outside the United Kingdom, such as a hotel in Europe, a villa company in the Mediterranean or an activity provider further afield, we will transfer the relevant elements of your personal data to those suppliers internationally.

Where those suppliers are located in countries that do not have a UK adequacy decision (meaning the UK has not formally assessed their data protection standards as equivalent to our own), we put appropriate safeguards in place. Specifically, we rely on the UK International Data Transfer Agreement (IDTA) or equivalent approved transfer mechanisms to ensure your data continues to be protected to UK GDPR standards when it leaves the UK.

If you would like to know more about the specific safeguards in place for a particular transfer, please contact us.

How Long We Keep Your Data

We do not keep your personal data for longer than we need it. The periods we apply are:

  • Booking and financial records: We retain these for seven years following the completion of your trip, as required by HMRC financial record-keeping obligations.
  • Passport and travel document details: Retained only as long as necessary to complete your travel arrangements and for a short period afterwards in case of any post-trip administrative matters, then securely deleted.
  • Enquiry records (where no booking follows): Retained for up to 12 months from your most recent contact, then deleted.
  • Health and special category data: Deleted promptly once your trip has been completed and any associated administrative matters have been resolved.
  • Website analytics data: Retained in accordance with the data retention settings of the relevant tool (typically 26 months for Google Analytics).

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data. We will respond to any request within one calendar month.

Right of Access

You can ask us for a copy of the personal data we hold about you.

Right to Rectification

If any information we hold is inaccurate or incomplete, you can ask us to correct it.

Right to Erasure

You can ask us to delete your personal data in certain circumstances, such as where we no longer need it and have no legal obligation to keep it.

Right to Portability

Where we process your data by automated means and on the basis of your consent or a contract, you can ask us to provide it in a portable, machine-readable format.

Right to Object

You can object to our processing of your data where we rely on legitimate interests as our lawful basis. We will stop unless we can demonstrate compelling grounds to continue.

Right to Withdraw Consent

Where we rely on your consent to process data (including health information), you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us using the details below. We may need to verify your identity before processing your request.

Right to complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK's data protection regulator, the Information Commissioner's Office (ICO).

You can contact the ICO at ico.org.uk or by calling their helpline on 0303 123 1113.

We would always prefer the opportunity to address any concerns directly before you contact the ICO, so please do reach out to us in the first instance.

Cookies

Our website uses cookies. Some are essential to the website's function; others are used for analytics purposes to help us understand how visitors use the site so we can improve it.

When you first visit our website, you will be given the opportunity to manage your cookie preferences. You can also adjust your browser settings to refuse cookies, although this may affect how the website functions for you.

We use Google Analytics, which places cookies to collect anonymised information about website traffic and usage. Google Analytics data is processed in accordance with Google's own privacy policy.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services or the way we use your data. The current version will always be published on this page with the date it was last updated. If we make any significant changes that affect you, we will let you know directly where we have the means to do so.

Contact Us

If you have any questions about this Privacy Policy, would like to exercise your rights, or want to raise a concern about how we handle your data, please get in touch.

Data enquiries:
Off The Grid Travel Ltd
Suite RA01, 195-197 Wood Street
London, E17 3NU

info@offthegridtravel.co.uk