Duckling Cruises logo

Privacy Notice

Treehouse Travel Ltd trading as Duckling Cruises (also referred to as “us”, “our”, “we”) is the controller and is responsible for your personal data (also referred to as “personal information”).

If you book travel arrangements through us you will enter a contract with the supplier of those arrangements (e.g. tour operator, airline, cruise company, accommodation provider). Accordingly, we will pass your personal data onto the supplier(s) and they will also be a controller of your personal data (under UK data protection laws) and their privacy policy/notices will apply. Please ensure you accept these prior to confirming your travel arrangements.

We are committed to respecting your and all other persons on your booking, including any children’s, (also referred to as “you”, “your”) privacy and protecting your personal data. Any person who makes the booking of travel arrangments (known as the “Lead Passenger”) is responsible for ensuring that they have the explicit consent of all other guests on their booking and that they are made aware of and agree to their data being processed in accordance with this Privacy Notice.

This Privacy Notice covers all platforms through which we offer travel-related services, this includes our Websites, and where you interact with us on social media such as Facebook, Instagram, LinkedIn etc. (in which cases you should also refer to and accept those social media sites’ privacy notices/policies).

By using our websites, contacting us by telephone or providing information to us in person, by way of email, post and social media you indicate your acceptance of this Privacy Notice.

For the purpose of the General Data Protection Regulation (GDPR) and EU e-Privacy Directive; Privacy and Electronic Communications Regulations (PECR), our registration number is ZA483908

1. Who we are

We’re registered in England and Wales as Treehouse Travel Ltd. Our company number is 08620541. Our registered office address is at 86-90 Paul Street, London EC2A 4NE.

We trade as ‘Treehouse Travel’ and ‘Duckling Cruises’. We operate the websites https://treehouse.travel and https://duckling.cruises (“the Websites”).

If you have questions or comments about this Privacy Notice, please contact us by email at either [email protected] or [email protected].

We collect or use the following information of all passengers in a booking to provide our holiday enquiry and booking services to you and those travelling with you:

  • Name (including title and full name);
  • Contact details (including postal address, email address, landline & mobile numbers);
  • Date and place of birth;
  • Client account records (including enquiry and booking history);
  • Financial details and payment method (including card or bank information as well as information on payment history, outstanding debt and any failed payments);
  • Emergency contact details (name, contact information and their relationship to you);
  • Information relating to loyalty schemes;
  • Social media identifiers;
  • Website user information (including user journeys and cookie tracking);
  • Photographs or video recordings;
  • Call recordings;
  • Identification documents, including passport and visas; and
  • Information relating to compliments or complaints.

 

We also collect or use the following special category information of all passengers in a booking to provide our holiday enquiry and booking services to you and those travelling with you:

  • Racial or ethnic origin (nationality details contained on your passport or travel documentation may disclose your racial or ethnic origin);
  • Religious or philosophical beliefs (your dietary requirements may disclose your religious or philosophical beliefs); and
  • Health information (including dietary requirements, allergies, disability and health conditions).

 

We collect or use the following information for service updates or marketing purposes:

  • Name (including title and full name);
  • Contact details (including postal address, email address, landline & mobile numbers);
  • Marketing preferences;
  • Social media identifiers;
  • Location data;
  • Recorded images, such as photos or videos;
  • Booking or viewing history;
  • IP addresses;
  • Website and app user journey information; and
  • Records of consent, where appropriate.

 

We collect or use the following information for research or archiving purposes:

  • Personal information used for administration of research;
  • Personal information used for the purpose of research; and
  • Records of consent, where appropriate.

 

We collect or use the following information of all passengers in a booking to comply with legal requirements:

  • Name (including title and full name);
  • Contact details (including postal address, email address, landline & mobile numbers);
  • Client account records (including enquiry and booking history);
  • Financial details and payment method (including card or bank information as well as information on payment history, outstanding debt and any failed payments); and
  • Identification documents, including passport and visas.

 

We also collect or use the following special category information of all passengers in a booking to comply with legal requirements:

  • Racial or ethnic origin (nationality details contained on your passport or travel documentation may disclose your racial or ethnic origin).

 

We collect or use the following information of all passengers in a booking for dealing with queries, complaints or claims:

  • Name (including title and full name);
  • Contact details (including postal address, email address, landline & mobile numbers);
  • Client account records (including enquiry and booking history);
  • Financial details and payment method (including card or bank information as well as information on payment history, outstanding debt and any failed payments);
  • Call recordings;
  • Social media identifiers;
  • Witness statements and contact details;
  • Relevant information from previous investigations;
  • Information relating to health and safety; and
  • Correspondence.

 

We also collect or use the following special category information of all passengers in a booking for dealing with queries, complaints or claims:

  • Racial or ethnic origin (nationality details contained on your passport or travel documentation may disclose your racial or ethnic origin);
  • Religious or philosophical beliefs (your dietary requirements may disclose your religious or philosophical beliefs); and
  • Health information (including dietary requirements, allergies, disability and health conditions).

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

 

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this Privacy Notice.

 

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide our holiday enquiry and booking services to you and those travelling with you are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • Sending important service communications and provide customer support for the services you are using.
    • Management of the bookings we take and/or make on your behalf with the third-party supplier of those arrangements.
    • Recovery of any debts due to us.

 

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • Development of our products/services and the growth of our business.
    • Keeping our records updated and studying how clients use our products/services.
    • Sending important service communications and provide customer support for the services you are using.

 

Our lawful bases for collecting or using personal information for research or archiving purposes are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • Defining types of clients for our products and services, keeping our websites and social media content updated and relevant, development of our business and to inform our marketing strategy.

 

Our lawful bases for collecting or using personal information for legal requirements are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

 

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • Enabling us to establish claims made by us, or defend claims made against us.
    • Enabling us to deliver/continue to deliver a high quality service, for example by resolving a complaint and learning from it.

In the running of our business we interact with people in a variety of ways including on our Websites, when making enquiries or bookings, through our social media channels, at our events, through competitions or prize draws we run and via other forms of communication including email and direct mail.

In some of these and other interactions we collect personal infomation. The sources by which we collect personal information are:

  • directly from you;
  • through our Websites. (See our cookie notice for further details);
  • from suppliers and service providers;
  • from legal and judicial sector organisations;
  • from publicly available sources; and
  • through other third parties:
    • Google.
    • Social media platforms such as Facebook, Instagram, YouTube and LinkedIn.
    • Technical, payment and delivery service providers.
    • Other persons referring our services to you.

We retain information for seven years from the end of the financial year in which we last had contact. We hold this information to support our legal and regulatory requirements.

If you object to this retention, please contact us.

Data processors

Automattic Inc

This data processor does the following activities for us:

  • Maintains and operates our Websites.

 

Canva UK Operations Limited

This data processor does the following activities for us:

  • Supports our marketing.

 

Elementor Ltd

This data processor does the following activities for us:

  • Maintains and operates our Websites.

 

Freeagent Central Limited

This data processor does the following activities for us:

  • Bookkeeping services.

 

Google LLC

This data processor does the following activities for us:

  • Supports our marketing; and
  • Analytics.

 

IONOS Cloud Ltd

This data processor does the following activities for us:

  • Maintains and operates our Websites.

 

LinkedIn Ireland Unlimited Company

This data processor does the folloing activities for us:

  • Social media platform supporting our communications and marketing.

 

Meta Platforms, Inc

This data processor does the following activities for us:

  • Social media platform supporting our communications and marketing.

 

Microsoft Corporation

This data processor does the following activities for us:

  • Data storage supplier;
  • IT and system administration; and
  • Facilitate online communications.

 

Mission Labs Limited

This data processor does the following activites for us:

  • Telephony services; and
  • Data storage supplier.

 

Sendinblue SAS

This data processor does the following activites for us:

  • Supports our communications and marketing; and
  • Data storage supplier.

 

The Travel Network Group Ltd

This data processor does the following activities for us:

  • Data storage supplier; and
  • Supports our marketing.

 

Worldpay LLC

This data processor does the following activities for us:

  • Payment processing services.

 

Data Controllers

We have controller relationships with:

Suppliers of Travel Arrangments

We have a controller relationship and we share your personal information with the controllers for the following reasons:

  • To uphold our contractual obligations to you as a client in fulfilling our travel arrangements booking service.

 

The Travel Network Group Ltd

We have a controller relationship and we share your personal information with the controller for the following reasons:

  • To ensure client travel arrangements are maintained in the event of our closure.
  • To provide appropriate insurance cover for client bookings.
  • To administer and process payments.
  • To ensure appropriate finacial protection is in place.
  • To deal with queries, complaints or claims in relation to our booking services.
  • To uphold our contractual obligations to you as a client in fulfilling your travel arrangements booking service.

 

Others

We share personal information with:

  • Insurance companies.
  • Professional or legal advisors.
  • Financial or fraud investigation authorities.
  • Relevant regulatory authorities.
  • Warranty and guarantee providers.
  • Professional consultants.
  • Organisations we’re legally obliged to share personal information with.
  • Publicly on our website, social media or other marketing and information media.
  • Debt collection agencies.
  • Suppliers and service providers.

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Automattic Inc

Category of recipient: Supplier

Country the personal information is sent to: The United States of America

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

 

Organisation name: Elementor Ltd

Category of recipient: Supplier

Country the personal information is sent to: Israel

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

 

Organisation name: Google LLC

Category of recipient: Supplier

Country the personal information is sent to: The United States of America

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

 

Organisation name: LinkedIn Ireland Unlimited Company

Category of recipient: Supplier

Country the personal information is sent to: Ireland

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

 

Organisation name: Meta Platforms, Inc

Category of recipient: Supplier

Country the personal information is sent to: The United States of America

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

 

Organisation name: Microsoft Corporation

Category of recipient: Supplier

Country the personal information is sent to: EU member states

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

 

Organisation name: Sendinblue SAS

Category of recipient: Supplier

Country the personal information is sent to: EU member states

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

 

Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Canva UK Operations Limited

Category of recipient: Supplier

Country the personal information is sent to: The United States of America

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

 

Organisation name: Mission Labs Limited

Category of recipient: Supplier

Country the personal information is sent to: Ireland

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

We do not target our websites or offer any of our products/services for sale to anyone under the age of 18 (a child), nor do we knowingly collect personal information from a child. The only circumstance in which information is collected in relation to a child is where you make a booking of travel services and you have a child in your party. In this situation, you must only submit these details if you are the parent or legal guardian of the child under 18 and waive all claims in relation to that child.

If you become aware of any information we have collected from a child, please contact us using the contact information provided above.

We may also pass your personal information to an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the organisation receiving your personal information can use your data in the same way as us.

We realise that your emergency contact or any person you refer to us, may not have heard of us previously, and so we ask you to inform them that you will be sharing their information with us. If they have any queries, they can contact us using the details we have provided in this Notice.

Where we provide links to websites of other organisations, this Privacy Notice does not cover how that organisation processes personal information. We encourage you to read the privacy policies/notices on the other websites you visit.

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this Privacy Notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

We keep our Privacy Notice under regular review. The last update was on 26 February 2025 and historic versions can be obtained by contacting us.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if any of the details you provide to us should change, during the course of your relationship with us.

The Foreign, Commonwealth & Development Office has up-to-date advice on health and safety across the globe, as well as local laws and passport & visa infomation.  Please check travelaware.campaign.gov.uk regularly for updates ahead of travel, as the advice can change.

For all booking we act as an Agent at all times.  Your contract for the supply of a Package or Travel Arrangements will be with the disclosed Principal Supplier of the Package or Travel Arrangements.

When making your booking with us, we will arrange for you to enter into a contract with that Principal Supplier.  Your booking will be subject to our Agency Booking Conditions for our booking services, and also the specific booking conditions of the Principal Supplier you contract with for your Package or Travel Arrangements.

You are advised to read all applicable conditions carefully prior to booking.  Copies of applicable conditions are available on request from us.

Logo showing Treehouse Travel's membership of the Travel Trust Association
Badge showing Treehouse Travel's finacial protection with the Travel Trust Association
Cruise Lines International Association logo
Badge showing CLIA Master membership status
Badge showing Treehouse Travel's membership of the Expedition Cruise Network
Duckling Cruises logo
Facebook Instagram Linkedin Youtube

© 2025 Treehouse Travel Ltd (trading as Duckling Cruises) – All rights reserved. Members of the Travel Trust Association and a Private Limited Company registered in England and Wales. Company No: 8620541. Registered Address: 86-90 Paul Street London EC2A 4NE. TTA No: Q4783. VAT No: 246 9371 76. Terms of Use and Privacy Notice.

Your subscription could not be saved. Please try again.
Thank you. One last step. Please check your email to confirm your subscription.

LET US INSPIRE YOU

We'd like to keep you up to date with travel news, inspiration, tips and special offers from the team at Duckling Cruises.

Enter your details to subscribe:

We use Brevo as our data storage, communications and marketing platform. By submitting this form you agree that the personal data you provided will be transferred to Brevo for processing in accordance with Brevo's Privacy Policy.