Ski Astons Privacy Policy

Privacy Policy and Personal Data Collection Facts


Ultima Tours Limited trading as Ski Astons (‘Ski Astons’ or ‘us’ or ‘we’) is committed to protecting and respecting your informational privacy.

This Privacy Policy explains how, when and why we use your information and explains your rights in relation to that information. Your information is described and referred to in this Privacy Policy as ‘your personal information’ or ‘personal data’.

This Privacy Policy also explains how others, including other organisations may or will use your personal data.

This is the Privacy Policy for:

  • Our website at
  • Our customers, or prospective customers of our products and services;
  • For prospective staff who wish to offer their services on our tours.

By accessing and using our website or engaging us to provide you with our products and services or completing an online contact form, you agree to the collection, use, storage and transfer of your information under the terms of this Privacy Policy, including where applicable, Ski Astons’ terms and conditions of business, the Data Protection Act 2018 and the UK General Data Protection Regulation (‘UK GDPR’).

Who we are and what we do

We are a UK based travel and tour operator specialising in organising tailor made ski trips and training packages for schools and youth groups in the UK and Europe.

Identity of data controller

Ultima Tours Limited (trading as Ski Astons) (whose registered office is at 15-17 Church Street, Stourbridge, West Midlands, United Kingdom, DY8 1LU) is registered with the Information Commissioner’s Office (the ‘ICO’) as a data controller with registration reference ZA804012.

The ICO is the United Kingdom’s independent regulatory authority in relation to data protection and information rights.

If you have any enquiries, concerns or complaints about our data processing activities, please contact us at or write to us at: The Chalet, Clerkenleap, Bath Road, Broomhall, Worcester WR5 3HR.

The ICO also provides a helpline and complaints service and can be contacted at: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or at or by telephone on 0303 1231113.

Securing your personal information and your responsibilities

We take the security of your personal information very seriously and we use appropriate security measures to protect your informational privacy.

Although it is our responsibility to ensure compliance with UK data protection laws we also ask you to act responsibly with your own or your groups’ personal data; so please:

  • Make sure you read this Privacy Policy and make sure that you and any other individuals you represent fully understand its contents. If you have any questions about it please contact us at
  • If you believe your informational privacy has been breached by using our website or in any dealings with us, please contact us immediately;
  • Although we use appropriate security measures to protect your informational privacy and follow industry best practice, unfortunately, any form of data transmission which is based on using the Internet (including unencrypted emails) can never be guaranteed as completely secure. Therefore, we encourage the use of password protected documents if they contain personal data;
  • We cannot accept liability or responsibility for any unauthorised access to or loss of your personal data that is beyond the scope of the appropriate security measures that we have put in place.

Please also see the section below ‘How is your Information Protected?’

What information do we collect about you

We will collect information about you and/or your organisation when you access or visit our website (including when you complete the online contact sign up form);  when you search our website for information about our products and services, or request further information from us.

The type of information we may collect from you when you visit or search our website, may include your name, postal address, e-mail address and telephone number (if you complete the online contact sign up form); as well as information about your computer or mobile device via analytics software such as Google Analytics or other similar technologies. The information we collect includes details of your visits to the website, traffic data, location data, your IP address, operating system and browser type.

If you contact Ski Astons, we may keep a record of any communication dependant on the nature and purpose of the communication, subject to our data retention policy.

1.1 How do we use the information we collect about you?

  • To contact you about your website enquiry or for your views on our services;
  • If you agree, to keep you informed about our products and services that we offer and about our news and promotions;
  • To manage, maintain and improve our website.

1.2 How long do we hold your personal information?

We only retain your information in relation to website activity for up to twelve months. However, if you make an online enquiry via our website then please see section 2.2 below relating to customer and prospective customer data.


We will collect information about you if:  you ask us for a quote or following an enquiry about a tour or a training course; if you sign up to our mailing list (via our website or at an exhibition) or place a booking for our products or services; if you make an Insurance claim or complaint or if you use our support and administrative services or ask for further information from us.

The type of personal information we may collect from you is:

  • Personal details (your name, age and gender);
  • Contact details including your email address and telephone numbers;
  • Financial details (credit/debit card and bank details);
  • Travel documents (passport and visa information, travel insurance); Care needs (special needs, medical conditions, dietary requirements);
  • Information about your social preferences and interests.

If you are a Teacher, youth organiser or any other lawfully authorised individual and you are providing personal information to us on behalf of any person under the age of eighteen, please also see the section below on ‘Consent’ and  ‘Processing Special Category Data and Children’s Privacy’.

2.1 How do we use the information we collect about you?

  • To process and manage your quote or booking;
  • Sharing your personal data with our suppliers;
  • Account management, including payment, debt management and refunds;
  • For claims management and insurance purposes;
  • For record keeping purposes;
  • To contact you and respond to your enquiries and complaints;
  • To notify you about important changes or developments relating to your booking;
  • If you agree, to keep you informed about our products and services that we offer and about news and promotions;

2.2 How long do we hold your personal information?

We retain our customer data (including prospective customer data) for as long as it is necessary to fulfil the purposes it was collected for, which we assess by reference to the following criteria: as required to satisfy any legal, accounting, regulatory or reporting obligations, or as necessary to resolve disputes and our legitimate interests. We keep our data retention under regular review and where possible aim to delete all customer related data after a maximum period of fifteen years from the date of the last booking or communication with us.


We will collect information about you if you make an enquiry about offering your services to us as a member of our training staff or as tour guide or as a training instructor.

The type of personal information that we may collect from you is:

  • Your name and contact details;
  • Your current and up to date CV;
  • Copies of relevant qualifications and licences (e.g. DBS certificates); Details of medical conditions including dietary requirements;

3.1 How do we use the information we collect about you?

  • To arrange an interview or make you an offer of employment;
  • To contact the providers of your references;
  • To generate contractual agreements and other legal documents to support your engagement;
  • To contact next of kin in an emergency;
  • To monitor and record your performance during agreed periods of service with us;
  • To record training undertaken and evidenced to the requirements of the School Travel Forum;
  • To record and monitor any work place accidents.

3.2 How long do we hold your personal information?

We retain our staff data for as long as it is necessary to fulfil the purposes it was collected for, which we assess by reference to the following criteria: as required to satisfy any legal, accounting, regulatory or reporting obligations, or as necessary to resolve disputes. We keep our data retention under regular review and where possible aim to delete all staff data after a maximum period of ten years from the date of cessation of service with us.

Basis of our lawful processing

The obligations imposed on us by data protection law means that we can only use your personal data if we have a lawful reason to do so. In this section we explain the lawful reasons we have for using your personal data:

Our contract with you

We use your personal data because it is necessary for the purposes of: (i) the formation, performance or termination of our agreement with you in relation to the sale, supply and support services (including Insurance claims) of our products and services in accordance with our terms and conditions of business and for our agreements with members of staff; or, (ii) because we have asked you or you have asked us to take specific steps before entering into such an agreement.

In summary, processing your personal data is contractually necessary for:

  • The sale and supply of our products and services to you;
  • Managing your booking, delivery of our services, receiving and making payments and refunds;
  • Making bookings with third parties on your behalf such as airlines, hotels and other intermediaries;
  • Account management, including providing and administering your holiday booking;
  • Administrative tasks relating to our contract with you, including providing customer service messages and notifications relating to processing payments, managing claims;
  • Where you are a member of staff, for the formation, performance and termination of our agreement with you.

Our legal obligations

Processing your personal data is necessary to fulfil a legal obligation that we are required to comply with such as adhering to the requirements imposed by UK legislation or other mandatory obligations imposed by the public law agencies of your holiday destination relating to e.g. border control, security and anti-terrorism controls as well as Income Tax Acts, VAT Acts, Companies Acts; the regulatory requirements imposed by HMRC and the ICO; anti-money laundering measures; the prevention and detection of fraud; responding to a request from the English courts or the police; defending legal rights; our insurance obligations and ICO record keeping obligations.

Your consent

Where you have given us your explicit consent for us to process your personal data for any of the following purposes:

  • Processing any special category data strictly necessary for the processing and performance of your holiday booking [1]
  • When you visit or use our website;
  • Sending you notifications, text messages and emails about our products and services, events and promotions;

Please note that if you are a Teacher, youth organiser or any other lawfully authorised individual and you are providing personal information to us on behalf of any person under the age of eighteen, then you warrant and agree that:

  • you are have the explicit consent of the parents or lawful guardians of all individuals in your party, to provide the necessary categories of personal information to us, and;
  • that all members of your party are aware of our Privacy Policy and that their information is to be passed to us for processing, and;
  • an Information Sharing Agreement (‘ISA’) will be entered into, which will confirm that you have gained the explicit consent from those whose personal information will be shared with Ski Astons.

(Please also see the sections below on ‘Processing Special Category Data ’ and ‘Keeping You Informed’).

Our legitimate interests

Where processing your personal data is necessary for our own legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your individual rights and interests.

Our legitimate interests are:

  • Delivering, developing, and improving our products and services;
  • Our direct marketing activities, including determining whether our marketing activities are effective;
  • Recording and monitoring telephone calls for training purposes and to improve the quality of our services;
  • Improving customer facing services, including managing complaints;
  • Producing management information; Preventing crime and detecting fraud.

We do not  make your personal details available to third party companies for marketing purposes. We do not rent or trade marketing lists with other organisations or businesses. You can withdraw your consent to our marketing emails at any time either by clicking on the ‘Unsubscribe’ link in our

notifications, messages or emails (where applicable) or by replying to our email with the words ‘please unsubscribe’ or calling Customer Services on 01905 388070.

[1] Relating to racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life and sexual orientation.

Processing Special Category Data
  • Where we collect, process and store any of your special category data, we only do so with your explicit consent or because:
  • Processing is necessary in the event of emergency, to protect your vital interests if you become physically or legally incapable of giving consent;
  • It is necessary for reasons of public interest in the area of public health such as protecting against serious cross-border threats to health;
  • It is necessary for the establishment, exercise or defence of legal claims either when we are faced with any legal claims made against us or where we pursue legal claims ourselves.

It is necessary for the purposes of carrying out our obligations and exercising specific rights in the field of employment, social security and social protection law; including preventive or occupational medicine, the working capacity of an employee, medical diagnosis or treatment;

Where is the Data stored?

All data collected by Ski Astons is stored within the European Economic Area (EEA). In some instances, we may choose to engage other companies to store or process your personal data on our behalf. In every case, where we chose to do that, we will ensure that any company that we engage is subject to the same standards of data security and provides you with the same level of personal data protection as we are.

This means that where we may transfer or store your information outside the UK or EEA (European Economic Area), we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Notice (please also see the section ‘Sharing and transferring your data with or to third parties’ below).

Keeping you informed

If you are an existing customer and/or have bought or enquired about our products or services before, we may also use the information we collect to let you know about our other products and services which may be of interest to you and to keep you updated with information about promotional offers.

However, if you no longer want to receive material from us you can withdraw your consent at any time either by replying to our email with the words ‘please unsubscribe’ or calling Customer Services on 01905 388070.

Sharing and transferring your data with or to third parties

Depending on the services that we provide to you, we may share and transfer your personal data with or to other organisations and companies in order to provide our contracted services to you or meet our legal obligations.

We will only provide your personal information to those organisations and companies in order to deliver the service we have engaged them to provide on your behalf or as required by law. These services may include but are not limited to meeting our contractual obligations owed to you, answering your questions about our products or services, sending postal mail and e-mails, analysing data and to obtain professional advice.

Your personal data may be used to:

  • Process booking confirmation;
  • Request support or assistance in an emergency;
  • Provide necessary health and safety documentation to third party providers;
  • Settle invoices associated with our bookings;
  • Contact any of our employees involved with the tour.

And your personal data may be shared with:

  • Airlines;
  • Coach and Transport Suppliers;
  • Hotels and Local Agents;
  • Insurance companies;
  • Security or credit checking agencies;
  • Public Authorities (Customs and Immigration Agencies);
  • Venues and Attractions (including lift pass providers).

Where your chosen holiday is to a destination outside the European Economic Area (‘EEA’) we must make you aware that individual data protection safeguards, rights and freedoms may not be of an equivalent standard to those in the UK or within the EEA. In making a booking with us to a holiday destination outside the EEA, you agree to your personal information being transferred and shared with organisations and companies in non-EEA destinations as necessary to fulfil our contract with you or as required by law.

We may have to disclose your personal information as a result of our legal obligations for example because border controls require us to do so or because a court or the police or other law enforcement agency has asked us for it; please also see the section above ‘Our legal obligations’.

If you do not agree to us sharing or transferring your personal information in this way, then we will not be able to provide the holiday or tour to non-EEA destinations.

How is your Information Protected?

We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Any processing of your information will only be carried out in an authorised manner and is subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Please also see the section above on ‘Your Responsibilities’.

If you want detailed information on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online is supported by HM Government and leading businesses.


As is common practice, our website uses cookies. To see our Cookies Policy, please click on the attached link

A ‘cookie’ is a small data file which our website server stores on your computer in order to improve functionality and collect information about your visit and to remember you when you visit again at a later date. The main purpose of a cookie is to identify users and to personalise their visit by customising web pages for their use. We may also use third parties who will collect data which is not personally identifiable to analyse site visits and carry out other similar activities. In the course of doing so, they may place their own cookies on your computer so that they can collect information about your visit. You may if you wish disable or delete such cookies through your internet browser. However, doing so may mean you will be unable to access our website or parts of it, your experience of our website may be adversely affected and/or you may not receive information which is relevant to your personal interests

If you do not want our website to set Cookies on your computer or your device at all, then you should either not use our website, or you should delete Ski Astons Cookies, after having visited the site, from your computer or device. As an alternative you may access our website using your browser’s anonymous user settings (e.g. “Incognito” in Chrome, “InPrivate” in Internet Explorer, “Private Browsing” in Firefox and Safari).

Alternatively, the ‘Help’ menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new Cookies; how to enable the browser to notify you when you receive a new Cookie or how to disable Cookies altogether. However, because Cookies allow you to take advantage of some of our website’s essential features, we recommend you leave them turned on.

A guide to behavioural advertising and online privacy has been produced by the internet advertising industry which can be found at The guide contains an explanation of the IAB’s self-regulatory scheme to allow you greater control of the advertising you see.’

Other Websites

Our website contains links to other sites such as accreditation companies and/or official regulating bodies. The Company is not responsible for the privacy practices or the content of such websites.

Your Information Rights

The UK GDPR, gives you a number of important Information Rights which in most cases you can exercise free of charge. However, your ability to exercise your Information Rights depends on various factors, and in some cases it will not be possible for us to agree to your request e.g. where legal exemptions apply or where the specific right you seek does not apply to the type of information we hold.

In summary, your Information rights are:

  • The right to obtain confirmation from us as to whether or not we are processing your personal data and if we are, the right to be provided with certain supplementary information about our processing activities; however, please note that this Privacy Policy is already designed to provide you with that supplementary information;
  • The right to ask us to correct any mistakes contained in the information we hold about you;
  • The right to require us to erase your personal data in certain situations;
  • The right to data portability, which means the right to receive (or for a third party you have chosen to receive) an electronic copy of the personal data you have given to us;
  • The absolute right to object at any time to processing your personal data where we only use it for direct marketing;
  • The right to object to decisions being taken about you based solely on automated means which produce legal effects concerning you or are similarly significant in how they affect you;
  • The right to object in certain other situations to our continued processing of your personal information;
  • The right to otherwise restrict our processing of your personal information in certain circumstances.

For further information on each of these Information Rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation, the link is here

If you would like to exercise any of the rights above, please email us at or write to us at The Chalet, Clerkenleap, Bath Road, Broomhall, Worcester WR5 3HR. Please provide us with enough information to identify you and let us know the information to which your request relates.

We want to make sure that your personal information is accurate and up to date. Therefore, if you think any information we hold about you is incorrect or incomplete, please email or write to us at the addresses given above as soon as possible so we can update our records.

Changes to this Privacy Policy

We keep our Privacy Policy under regular review and if we change our Privacy Policy we will post those changes on this page so that you are always aware of what information we collect and how we use it.  You should therefore refer to this policy regularly.

This policy was last updated in May 2022.