Privacy Policy

Effective date: April 3, 2023 - Timeshare Payback is a trading style of Timeshare Payback Ltd (Company No: 14128007) of Management Suite 1 The Oasis, Meadowhall Centre, Sheffield, S9 1EP. We are committed to protecting and respecting your privacy.

WHAT IS THE PURPOSE OF THIS PRIVACY NOTICE?

This Privacy Policy sets out how ‘We’, uses and protects any information that the ‘You’, the user, provides to ‘Us’, throughout this website and our service.

Where we ask you to provide certain information by which ‘you’ can be identified (i.e. Personal Data) after providing this information, then this information shall only be used in accordance with this Privacy Policy.

This website has not been designed for use by children. We do not knowingly collect data relating to children.

WHO IS THE DATA CONTROLLER?

We are the (Data) Controller and are responsible for your personal information. As a controller of personal data, Timeshare Payback is registered with the Information Commissioners Office (ICO), our ICO registration is: ZB537355.

We are not required to appoint a Data Protection Officer (DPO). If you have any questions relating to this privacy notice, including any requests to exercise your legal rights, please use the below contact information.

Our contact details:

Full name of Legal Entity: Timeshare Payback Ltd T/a Timeshare Payback
Postal Address: Management Suite 1 The Oasis, Meadowhall Centre, Sheffield, S9 1EP
Telephone Number: 0114 299 1880
Email: info@timesharepayback.co.uk

WHAT INFORMATION DO WE COLLECT FROM YOU?

How is Personal Data/Information defined?

Personal Data or Personal Information can be defined as “Any information about an individual from which that person can be identified” This does not include data where the identity has been anonymised.

Under GDPR we will only collect information that is specified, explicit and legitimate for the purposes required. This means the data we collect must be adequate, relevant and limited to the requirements of the service.

We may collect, use, store and transfer different kinds of personal information about you. These are detailed as possible:

  • Identity Data: First name, last name, maiden name, marital status, date of birth and gender
  • Contact Data: Current address, previous addresses and postcodes, email address and telephone number
  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating systems and platform and other technology on devices you use to access the website
  • Profile Data: Includes, understanding the services you’ve engaged, your interests, preferences, feedback and analysing the data you have provided as part of the service to improve our services, marketing, customer relationships and experiences.
  • Usage Data: Information about how you use our website, and services.

Aggregated Data

We collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

Special Categories of Personal Data

If we identify that you are a vulnerable customer, we may collect data relating to your health to ensure we can tailor and adjust our service to your needs and circumstances. We will obtain your consent to obtain and store this data for the sole purpose of delivering our service.

We do not collect any other Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you do not provide Personal Data?

Where we need to collect personal data and you fail to provide the data when requested, we may not be able to provide the service to you. In this case, we may not be able to proceed with the service requested.

HOW IS YOUR PERSONAL INFORMATION COLLECTED?

We have different methods of collecting data from and about you, including via:

  • When you complete information on our website. This may include your Name, Telephone number, email address and details of your enquiry which is provided when you ask us to contact you about our services:
  • When you telephone us to enquire about pursuing a claim. The information we will collect will include: Name, Address, Email- Address, Telephone Number, Details of the timeshare purchase, such as what and when purchased, how paid, plus basic summary of experiences with the timeshare.
  • With regards to a referral from The Timeshare Advice Line Limited- Client would be emailed the contact details of Timeshare Payback Ltd from The Timeshare Advice Line to contact Timeshare Payback Ltd directly. (The Timeshare Advice Line Limited (Co No:09923793) is owned by Bethan Pryce.
  • Whenever you provide information to us when reporting a problem with our site or making a complaint or making an enquiry for any other reason.

We may also collect other data in the following ways:

IP Address

We may collect information your device, including where available your Internet Protocol address, for reasons of fraud protection. We may also collect information about your device’s operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and does not identify any individual.

Cookies

A cookie is a small file of letters and numbers that are downloaded on to your computer when you visit a website. Upon entering our website, we will request you either accept or reject the use of cookies. Cookies assist us in providing a better service and website. The use of cookies allows the website to recognise your device and store information concerning your preferences or past actions.

You may create custom alerts when websites use or store cookies on your browser. If you wish to refuse cookies altogether, this can be done within your browser settings.

Our Site uses cookies to distinguish you from other users of our Site. This helps us to provide you with a good experience when you browse our Site and also allows us to improve our Site. For detailed information on the cookies, we use visit our cookies page.

PURPOSE/LAWFUL BASIS FOR PROCESSING PERSONAL DATA

We will only use your personal information/data should the law allow it. Most commonly, we will use your personal data under the following circumstances. These are also known as the ‘Legal Basis for Processing’. This is summarized below:

Purposes for processing personal data

  • Lawful basis
  • To contact you following the submission of an enquiry regarding a mis-sold Timeshare Property
    • Consent
  • To identify if you have a potential Timeshare Claim
    • Legitimate Interest
  • To recommend a third party (more information detailed below about Third parties) to you whom can process your claim
    • Consent
    • Explicit Consent (health data)
  • To share any vulnerability information with third parties so that these parties are aware of such and can support a vulnerable customer and have consideration for any specific needs or requirements to adapt their service delivery
    • Consent
    • Explicit Consent (health data)
  • Asking you to leave a review or take a customer satisfaction survey.
    • Consent
  • To publish feedback/testimonials provided by you regarding the satisfaction of our services
    • To respond to any data subject access requests that we may receive from you
    • Legal Obligation
  • Recording and monitoring telephone calls and communications to ensure compliance with regulatory obligations and rules and to ensure firm processes for quality and training purposes.
    • Legal Obligation
  • To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)
    • Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
    • Legal obligation
  • Notifying you about changes to our terms or privacy policy
    • Legal Obligation

Third Parties

To allow us to provide our services to you, we will recommend the following company to pursue a mis-sold timeshare claim. We currently only recommend:

  • Strax Capital Legal Limited: Your data may be passed with your consent to Strax Capital Legal Limited for the purposes of pursuing a mis-sold Timeshare claim. This may include Name, Address, Email- Address, Telephone Number, Details of the timeshare purchase, such as what and when purchased, how paid, plus basic summary of experiences with the timeshare.

Disclosure of your personal data

We may have to share your personal data with the parties set out below for the purposes set out in the table above. These companies will not use your information to contact you. Selected third parties will be subject to obligations to process your personal information in compliance with the same safeguards that we deploy.

  • Third parties service providers, for example: Telecommunications, IT systems etc acting as processors based in the United Kingdom who we engage to deliver our services (e.g. host our dialer system, electronic storing of your personal data).
  • HM Revenue & Customs, Regulators (Financial Conduct Authority, Information Commissioner’s Office), and other authorities acting as processors based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • Accountants, Solicitors, Compliance Consultants, and other like services acting as processors based in the United Kingdom who require the reporting of processing activities in certain legal and compliance circumstances.
  • Third parties to whom the firm may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change in these circumstances occurs, your personal data will be used in the same way as set out within this privacy policy.

We will not sell, assign, disclose or rent your personal data to any other external organization or individual except for where the law requires us to disclose it, or where it is necessary to disclose the information to comply with a regulatory or legal process. We have carefully selected our third parties due to their commitment to keeping your data safe, and all data is processed within the European Union and subject to the same legislation. If you request for us to stop processing your data, we will also communicate this to the relevant third parties if they are processing this on our behalf. If you have any concerns about the above third parties, please let us know and we can provide advice and support to help you manage your data preferences.

International transfers

We do not transfer your personal data outside the European Economic Area (EEA).

Data security

We are committed to ensuring your information is safe and secure. In order to prevent unauthorized access or disclosure, we have developed, implemented, and maintained suitable physical, electronic, and managerial procedures to safeguard and secure the information collected online. We wish for our customers to be completely confident in using our services, therefore we regularly review our processes and procedures to protect your personal information from unauthorized access, use, accidental loss, destruction, or disclosure.

Data retention

How long will we hold your personal data?

We will only retain your personal data for as long as is necessary to fulfill our obligations under the provision of our service as well as any purposes necessary to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk, of harm of unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, including applicable legal requirements. Details of retention periods for different aspects of your personal data are available upon request. By law, we have to keep certain information about our customers and this data will be held solely and securely for those legal purposes.

In some circumstances, you can ask us to delete your data under the ‘Right to Request Erasure’. However, an erasure request may be partially declined. In the event a complaint has been made, coupled with an erasure request, we will maintain records relating to the complaint, including basic information such as name, and telephone name. In the event that you do not wish to be contacted by us, we are required to maintain a log of this request, withholding applicable data to ensure we no longer contact you further.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your legal rights

In accordance with GDPR, you, in your capacity as a consumer and citizen you are entitled to a range of specific rights as the Data Subject that you may exercise under particular conditions, with a few exceptions.

Your Right to ACCESS

The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps you to understand how and why we are using your data, and to check we are using it lawfully.

Your right to RECTIFICATION

You have the right to have inaccurate personal data rectified. You may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.

Your right to ERASURE

Under certain circumstances you have the right to have personal data erased. Also known as ‘The right to be forgotten’. The right is not absolute.

Your right to RESTRICT PROCESSING

Under certain circumstances you have the right to request the restriction or suppression of your personal data, and as like the right to erasure, it is not absolute. Restriction of processing means we are permitted to store your personal data, we are unable to use it.

Your right to DATA PORTABILITY

You have the right to obtain and reuse your personal data for your own purposes across different services. This eases the copying or transferring of personal data easily from one IT environment to another, safely and securely, without affecting the usability of the data.

Your right to OBJECT

Under certain circumstances you have the right to object to the processing of your personal data, however you do have the absolute right to object to direct marketing.

Your right to be INFORMED

You have the right to be informed about the collection and use of your personal data. Your right to be informed forms part of this policy, and provides the purposes for processing your data, our retention periods, and who it will be shared with.

Data subject access requests (DSAR)

You have the right to access your personal information. Also known as a Data Subject Access Request (DSAR). This means you are entitled to obtain the following information about yourself:

  • Confirmation that we are processing their personal data;
  • A copy of their personal data; and
  • Other supplementary information;

A third party may make a request on your behalf. This will often involve a solicitor acting on your behalf. We will require evidence from the third party as to evidence this entitlement. This may take the form of a written authority or be a more general power of attorney.

How do we provide you with the data you have requested?

If you make a request electronically (via electronic means), we will provide the information in a commonly used electronic format unless you have specified otherwise. Please note, we may extend the time to respond by a further two months if the request is complex or you have made multiple requests. As you have the right to be informed, we will always ensure you are notified within one month of receiving the request, accompanied by an explanation.

How long do we have to comply with a request?

We must act on your subject access request without undue delay and at the latest within one month of receipt. This is calculated as beginning from the day following receipt of the request until the corresponding calendar data the following month. We may request your identity to satisfy the request, however, this will be proportionate to the request itself and if we have doubts about the authenticity of identification.

Will it cost you anything?

For the vast majority of requests, we cannot charge you a fee. Where the request is manifestly unfounded or excessive, we may charge a reasonable fee to cover the administrative costs of complying with the request. This also applies in the event that you request further additional copies of data following your initial request. This will again be charged as an administrative cost.

Changes to this privacy policy

We may update this privacy policy from time to time by posting a new version on our website, You should check this page occasionally to ensure you are happy with any changes although anything that will affect you will be communicated directly to you.

Contact us

If you have any questions about this policy or our treatment of personal data please contact us:

  • By Email at: info@timesharepayback.co.uk
  • By Post to: Management Suite 1, The Oasis, Meadowhall Centre, Sheffield, S9 1EP
  • By telephone: 0114 299 1880

Complaints

If you are not happy with how we process your personal information, you should contact us using the contact details provided above, to make a complaint. You also have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your personal information, for example, if we were to refuse to comply with a data rights request. We would, however, prefer that you direct any complaints to us in the first instance so we may attempt to resolve your concerns. You can find details of how to make a complaint to the ICO on their website, at https://ico.org.uk/make-a-complaint/

ICO’s address:

  • Information Commissioner Office:
  • Wycliffe House
  • Water Lane
  • Wilmslow
  • Cheshire
  • SK9 5AF
  • Tel: 0303 123 1113