To comply with the Privacy and Electronic Communications Regulations (PECR) and General Data Protection Regulations (GDPR) we periodically conduct a Cookie Audit of our website. This Cookie Audit was last updated on 24 September 2018.

Our website uses a number of cookies to store data on our visitor's computers. The purpose of this Cookie Policy is to inform you about how we use cookies and be transparent about how your data is processed with the aid of cookies.

To find out how to control the cookies that are created on your device please see this page. To find out how to delete cookies please see this page. For more information about managing cookies, please see http://www.aboutcookies.org/.

Cookies created by this website

This website creates a number of cookies, which are referred to as first party cookies as they are specific to the host site that created them. All the first-party cookies which are created do not store any personal or sensitive information. They are used for essential functionality such as security when processing form data or for analytics to capture information on how website visitors arrived at and use our website.

Session IDs

Our web server may create an essential session cookie called NEWSESSID, which is essential for your use of some of the interactive elements of the website, such as login and registration forms. The cookie contains a session ID which is a mechanism for distinguishing your visit to our website from any other visitors that may be using the website at the same time. This cookie expires when you leave our website.

Google Analytics

We use Google Analytics, which creates a number of first-party cookies. Google Analytics creates cookies to distinguish unique users and capture website usage information. We use this data to help us improve our website and understand the performance of our marketing activities.

No personally identifiable information is sent to Google Analytics, for example, your name or email address. 

Google is committed to complying to all applicable data protection legislation, for more information please see: https://privacy.google.com/businesses/compliance/

Full details of the cookies which Google Analytics uses can be found in Cookies & Google Analytics in documentation for Google's Analytics tracking code.

We don't share the data that Google Analytics collects, and we don't believe that our use of Google Analytics is privacy-intrusive. We use the data that is collected in the following ways:

Cookies created by Google Analytics are:

Cookie Name Expiration Time Description
_ga 2 years Used to distinguish users.
_gid 24 hours Used to distinguish users.
_gat 1 minute Used to throttle request rate. Throttling means to restrict the frequency of data being posted to Google Analytics.
AMP_TOKEN 30 seconds to 1 year Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
_gac_<property-id> 90 days Contains campaign related information for the user in the event a user has clicked on a Google Ad (sponsored search result or ad on the Google Display Network). Google Ads website conversion tags will read this cookie unless you opt-out. 

Campaign Tracking

We utilise Google Analytics Campaign Tracking to identify marketing campaigns that refer traffic to our website. By linking to our website from various marketing sources, e.g. email campaigns, ad campaigns on other websites, we can capture information about the referring campaign. For example, we may send out an email campaign and tag all links with the following parameters, so the referring source is provided on arriving at our website:

https://www.iomtt.travel/accommodation/search ?utm_source=newsletter &utm_medium=email &utm_campaign=spring_sale &utm_term=tt_accommodation &utm_content=booking

We also capture the referring domain in case these parameters are not present. For example someone who follows a link from a comment we've posted on facebook; we capture the referring domain "facebook.com" so we can post this data to Google Analytics once a booking is made.

If these parameters are present in the URL we store them in a Cookie called utmh, which expires after 90 days. If you were to make a booking within 90 days, this campaign referral data is sent to Google Analytics so we know the originating source of a booking.

The data stored in the cookie is specific to the referring campaign and does not store any personally identifiable information.

Google Analytics by default is designed to capture and collect referring campaign data but because we redirect traffic to Worldpay to process payments, the bookings can appear as originating from WorldPay rather than the original source, which may in fact be from an email campaign or social network.

When a booking is created on our website, we fetch this referring source data from the utmh cookie and store it in our database against an order ID. If a booking is not made, the utmh data is not collected and just remains within a cookie on your device until it expires after 90 days.

When payment is completed on WorldPay's website, WorldPay send a payment response to confirm the payment was successful. When we receive this update, we lookup the referral data stored in our database for an associated booking and post it direct to Google Analytics. No personally identifiable information is sent to Google Analytics.

Other cookies

From time to time we may use additional external services on our website which may create cookies on your device. As we add new services or make changes that use cookies, we will update this cookie policy with the details.

If you have any concerns about the cookies we create or the way we aim to attain consent from you, please contact us and we'll be happy to answer your questions.