Privacy Policy

Last updated: 23 June 2025 


1. Introduction 

Medlife Holidays (“we”, “us”, “our”) is committed to protecting your privacy and processing your data in compliance with UK GDPR, Data Protection Act 2018, and applicable laws. This policy explains how we collect, use, share, and protect your personal data when using our website, booking services, or contacting us. 


Contact us: 

Data Controller: Gouvon Ltd 

Address: 1/307 Garrat Lane, London, SW18 4DX 

Email: account@medlifeholidays.com 


2. How and what data we collect 

We collect personal data via: account registration, booking forms, payment forms, newsletters, surveys, website cookies, and contact forms. 

a) Booking-related data: 

  • Identity: full name, date of birth, nationality, passport/visa numbers
  • Contact: email, phone, address
  • Payment: card details (processed securely), billing info
  • Preferences/health: dietary needs, medical info
  • Travel history: past trips, destinations 


b) Technical & usage data: 

  • IP address, device/browser type, session times
  • Cookies, analytics, tracking data 


c) Communications: 

  • Marketing preferences, feedback, query history 


3. Why we use your data & lawful bases

Purpose Data Used Lawful Basis
To process, manage bookings All booking-related data Performance of contract
Payment processing Payment and billing data Performance of contract
Customer service & communications Contact and query data Contact Legitimate interests
Marketing (with consent) Contact, preferences Consent
Site & service improvement Usage & device data Legitimate interests
Legal compliance and fraud detection Relevant transaction data Legal obligation

4. Cookies and tracking tools 


We use cookies and similar tech for session functionality and analytics. You can manage preferences via our cookie banner. 


5. Sharing your information 


We share your personal data with:

  • Travel providers (airlines, hotels, car hire) to fulfil your booking
  • Payment processors (e.g. Stripe, PayPal) for secure transactions
  • IT service providers (e.g. hosting, CRM, analytics providers)
  • Legal and fraud prevention bodies, if required by law 


Overseas transfers: 


Data may be transferred outside the UK/EU. We rely on adequacy decisions or Standard Contractual Clauses to ensure compliance. 


6. Data retention 


We retain: 

  • Booking and payment data: typically 7 years post-service, as required by tax/regulatory law • Marketing data: until consent is withdrawn
  • Analytics data: anonymised or deleted after 2 years 


7. Your rights 


As a data subject, you have the right to: 


  • Access your data
  • Correct inaccuracies
  • Delete data (“right to be forgotten”)
  • Restrict processing
  • Object to processing (e.g., marketing)
  • Data portability

• Withdraw consent at any time 


To exercise your rights, contact janine@gouvon.com. We will respond within one month. You can also lodge a complaint with the ICO: https://ico.org.uk 


8. Security measures 


We implement measures such as encryption (SSL/TLS), secure servers, access controls, and staff training to protect personal data. 


9. Changes to this policy 


We may update this policy occasionally. We’ll notify you via website updates. The “Last updated” date indicates current version