Privacy Policy

1. About this policy & who we are

HB Agency Group is a travel agency that designs, plans, and books trips for our clients. When you enquire about a destination, request a quote, sign up for our newsletter, or book travel through us, we act as the controller of the personal information you share. That means we are responsible for deciding how and why your data is processed.

This policy is aimed at travelers who use our website and services, including casual visitors, prospective clients, booked guests, and anyone who corresponds with our team. If you book on behalf of someone else (for example, family members or colleagues), please share this notice with them so they understand how their information will be used.

If anything in this policy is unclear, or if you'd like to ask a privacy-related question, you can reach our team directly. Contact details are listed at the end of this page.

2. The information we collect

We collect different types of information depending on how you interact with us. To make this easier to follow, here is a summary of the main categories:

We do not knowingly collect information from anyone under the age of 16. If you believe a minor has provided us with information without parental consent, please contact us so we can remove it.

3. How we collect your information

We collect information in three main ways:

Directly from you

You give us most of the information we hold about you. This happens when you fill in an enquiry form, book a trip, sign up for our newsletter, take part in a survey, or simply email or call our team. We may also collect information during in-person meetings or planning calls.

Automatically, when you use our website

As you browse hbagencygroup.com, we collect technical information about your device and how you use the site through cookies and similar technologies. This includes log data such as pages visited, time spent, and referring URLs. For more detail on the specific cookies in use, please see our cookie notice on the website.

From third parties and public sources

We sometimes receive information from partners who help us deliver your trip — for example, hotels, airlines, ground operators, and tour providers — or from analytics, advertising, and search providers. We may also receive information from people booking on your behalf (such as a partner or assistant), or from publicly available sources if relevant to verify identity for a high-value booking.

4. How we use your information

We only use your personal information when the law allows us to. Most commonly, we rely on one of the following legal bases:

• Contract — to take steps at your request before entering into a booking contract, and to fulfil the contract once it's in place (e.g., booking flights, accommodation, and activities).
• Legitimate interests — to run our business, improve our services, prevent fraud, and communicate with you in ways you'd reasonably expect, balanced against your rights.
• Consent — for marketing emails to new individual subscribers, certain cookies, and any sensitive information you choose to share with us.
• Legal obligation — to comply with tax, accounting, anti-money-laundering, and other regulatory requirements that apply to travel businesses.

The most common reasons we process your information include:

• Responding to enquiries and preparing personalized travel proposals
• Booking and managing the components of your trip with our suppliers
• Processing payments and refunds, and keeping accurate accounting records
• Providing customer support before, during, and after your trip
• Sending you service messages (booking confirmations, itinerary changes, travel advisories)
• Sending marketing communications you've opted into, and tailoring them to your interests
• Running, securing, and improving our website and the services we offer
• Conducting market research and analyzing trends among our travelers
• Meeting our legal, regulatory, and contractual obligations

Marketing communications

We'd love to keep you up to date with destination ideas, special offers, and stories from our team — but only when you want to hear from us. You can opt out at any time by clicking the unsubscribe link at the bottom of any marketing email, by adjusting your preferences in our preference center, or by contacting us directly. Opting out of marketing won't stop us from sending you essential service messages relating to a trip you've booked.

5. Who we share your information with

We share your information only with parties that need it to deliver your trip or run our business responsibly. These include:

• Travel suppliers — airlines, hotels, ground operators, transfer companies, tour and activity providers, cruise lines, and travel insurers used to fulfil your itinerary.
• Payment processors and financial institutions — to process card payments, refunds, and chargebacks securely.
• Service providers — IT hosting, email and CRM platforms, analytics providers, advertising partners, customer service tools, and professional advisors (legal, accounting, insurance) who assist us under written contracts.
• Regulators and authorities — where we are required by law to share information (for example, with tax authorities, law enforcement, or border agencies).
• Other parties in the event of a corporate change — such as a sale, merger, or restructuring of our business, in which case your information may transfer to the successor entity under equivalent privacy protections.

We do not sell your personal information to third parties for their own marketing purposes.

6. International data transfers

Travel is, by its nature, an international business. To deliver a trip we often need to share information with suppliers and service providers in countries outside your home region — for instance, a hotel in another country, a local guide, or an airline based abroad. Some of our IT providers also process data outside the UK and EEA.

When we transfer your information outside the UK or EEA, we make sure a similar level of protection is in place by relying on one of the safeguards permitted under data protection law, such as transfers to countries the UK or EU has formally recognized as providing adequate protection, or the use of standard contractual clauses approved by the relevant authorities. If you'd like a copy of the safeguards we use for a specific transfer, please contact us.

7. How we keep your information secure

We use a combination of organizational and technical measures designed to keep your information safe and to limit access to those who genuinely need it. These include access controls on our systems, encryption in transit, secure payment infrastructure provided by reputable processors, vendor due diligence, and regular reviews of our practices.

While no system can be guaranteed to be perfectly secure, we take security seriously and have procedures in place to deal with any suspected data incident. We will notify you and any applicable regulator of a breach where we are legally required to do so.

8. How long we keep your information

We hold on to your personal information only for as long as we need it for the purposes set out in this policy, including to satisfy any legal, accounting, or reporting requirements. The right retention period depends on the type of data, the nature of our relationship with you, and the risks involved.

As a general guide:

• Booking records and related correspondence are kept for as long as you remain a client and for a reasonable period afterwards to handle queries, complaints, or insurance matters.
• Financial records are kept for the period required by tax and accounting laws (typically several years).
• Marketing preferences are kept until you ask us to stop, plus a short period afterwards to record that you have opted out.
• Website analytics data is generally kept for a limited period and is often aggregated so it can no longer identify you.

When we no longer need your information, we securely delete it or anonymize it so it can no longer be associated with you.

9. Your privacy rights

Depending on where you live, you have rights over the personal information we hold about you. For travelers in the UK and EEA, these include:

• Access — to ask for a copy of the information we hold about you.
• Correction — to ask us to fix anything that is inaccurate or incomplete.
• Erasure — to ask us to delete your information where we no longer have a good reason to keep it.
• Restriction — to ask us to pause certain uses of your information while a question is being resolved.
• Objection — to object to processing we carry out on the basis of legitimate interests, including direct marketing.
• Portability — to receive certain information you have provided to us in a structured, machine-readable format.
• Withdrawal of consent — where we rely on your consent, to withdraw it at any time.

You will not have to pay a fee to exercise any of these rights in most cases. We may need to verify your identity before responding, and we will reply within the timeframes required by law (usually one month).

If you have any concerns about how we have handled your personal information, please get in touch first so we have a chance to put things right. You also have the right to lodge a complaint with a data protection authority — for example, the Information Commissioner's Office (ICO) in the UK.

10. Changes to this policy & how to contact us

We may update this policy from time to time to reflect changes in our services, in technology, or in the law. When we do, we'll update the "Last updated" date at the top of the page. If the changes are significant, we'll let you know more directly — for example, by email or through a notice on our website.

If you have any questions about this policy, want to exercise your rights, or simply prefer to chat through your privacy options with a person, please get in touch: