To comply with the Privacy and Electronic Communications Regulations (PECR) and General Data Protection Regulations (GDPR) we periodically conduct a Cookie Audit of our website. This Cookie Audit was last updated on 24 September 2018.
To find out how to control the cookies that are created on your device please see this page. To find out how to delete cookies please see this page. For more information about managing cookies, please see http://www.aboutcookies.org/.
This website creates a number of cookies, which are referred to as first party cookies as they are specific to the host site that created them. All the first-party cookies which are created do not store any personal or sensitive information. They are used for essential functionality such as security when processing form data or for analytics to capture information on how website visitors arrived at and use our website.
Our web server may create an essential session cookie called NEWSESSID, which is essential for your use of some of the interactive elements of the website, such as login and registration forms. The cookie contains a session ID which is a mechanism for distinguishing your visit to our website from any other visitors that may be using the website at the same time. This cookie expires when you leave our website.
We use Google Analytics, which creates a number of first-party cookies. Google Analytics creates cookies to distinguish unique users and capture website usage information. We use this data to help us improve our website and understand the performance of our marketing activities.
No personally identifiable information is sent to Google Analytics, for example, your name or email address.
Google is committed to complying to all applicable data protection legislation, for more information please see: https://privacy.google.com/businesses/compliance/
Full details of the cookies which Google Analytics uses can be found in Cookies & Google Analytics in documentation for Google's Analytics tracking code.
We don't share the data that Google Analytics collects, and we don't believe that our use of Google Analytics is privacy-intrusive. We use the data that is collected in the following ways:
Cookies created by Google Analytics are:
|Cookie Name||Expiration Time||Description|
||2 years||Used to distinguish users.|
||24 hours||Used to distinguish users.|
||1 minute||Used to throttle request rate. Throttling means to restrict the frequency of data being posted to Google Analytics.|
||30 seconds to 1 year||Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.|
||90 days||Contains campaign related information for the user in the event a user has clicked on a Google Ad (sponsored search result or ad on the Google Display Network). Google Ads website conversion tags will read this cookie unless you opt-out.|
We utilise Google Analytics Campaign Tracking to identify marketing campaigns that refer traffic to our website. By linking to our website from various marketing sources, e.g. email campaigns, ad campaigns on other websites, we can capture information about the referring campaign. For example, we may send out an email campaign and tag all links with the following parameters, so the referring source is provided on arriving at our website:
https://www.iomtt.travel/accommodation/search ?utm_source=newsletter &utm_medium=email &utm_campaign=spring_sale &utm_term=tt_accommodation &utm_content=booking
We also capture the referring domain in case these parameters are not present. For example someone who follows a link from a comment we've posted on facebook; we capture the referring domain "facebook.com" so we can post this data to Google Analytics once a booking is made.
If these parameters are present in the URL we store them in a Cookie called utmh, which expires after 90 days. If you were to make a booking within 90 days, this campaign referral data is sent to Google Analytics so we know the originating source of a booking.
The data stored in the cookie is specific to the referring campaign and does not store any personally identifiable information.
Google Analytics by default is designed to capture and collect referring campaign data but because we redirect traffic to Worldpay to process payments, the bookings can appear as originating from WorldPay rather than the original source, which may in fact be from an email campaign or social network.
When a booking is created on our website, we fetch this referring source data from the utmh cookie and store it in our database against an order ID. If a booking is not made, the utmh data is not collected and just remains within a cookie on your device until it expires after 90 days.
When payment is completed on WorldPay's website, WorldPay send a payment response to confirm the payment was successful. When we receive this update, we lookup the referral data stored in our database for an associated booking and post it direct to Google Analytics. No personally identifiable information is sent to Google Analytics.
If you have any concerns about the cookies we create or the way we aim to attain consent from you, please contact us and we'll be happy to answer your questions.