Privacy Policies

Effective Date: 10th November 2025

1. Overview and Relationship to Other HTN Policies

The Halal Travel Network (“HTN”, “we”, “us”, “our”) is committed to protecting the privacy and integrity of all information entrusted to us by our members, partners, event participants, and website visitors. This Policy also applies to content creators and partner organisations participating in campaigns managed through HTN Talent Management.

We are a UK-registered B2B organisation governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy sets out how we collect, process, store, and safeguard data across our membership, marketplace, training, and event platforms.

It should be read together with:

  • the HTN Terms & Conditions, which establish contractual and operational use of our systems; and
  • the HTN Code of Conduct, which sets behavioural and digital responsibilities for members.

Those two documents define what members may or may not do with information. This Policy explains what HTN itself does with the information it receives.

2. Data Controller and Legal Basis

HTN Ltd, registered in the United Kingdom, is the data controller for all personal and business information processed through the HTN website, marketplace, academy, and event registration systems.

Where HTN co-hosts an event or campaign, data may be processed jointly under a written Data-Sharing or Data-Processing Agreement defining each party’s responsibilities.

We process data only where one of the following lawful bases applies:

  • Contractual necessity – to perform our obligations to members, partners, and attendees.
  • Legitimate interest – to operate and improve a professional B2B network while respecting individuals’ rights.
  • Consent – for optional communications, photography, or testimonials.
  • Legal obligation – for compliance with UK tax, accounting, and corporate-record laws.

HTN also acts as the data controller for all Talent Management collaborations and campaign records, including creator and partner contact details, contracts, and deliverables.

3. Information We Hold and How It Arises

HTN receives data directly from you when you:

  • apply for or renew membership;
  • upload listings, images, or materials to the Marketplace or Academy;
  • register for an HTN event or webinar;
  • make content creator profiles, provide social media handles, and audience insights;
  • discuss campaign deliverables, timelines, and content usage permissions;
  • subscribe to newsletters or surveys; or
  • communicate with the HTN team.

We may also obtain limited professional contact data from publicly available industry sources (for example, tourism-board directories or LinkedIn) for legitimate outreach.

The categories of information include business identification details, contact information, membership records, payment history, digital engagement metrics, and—only where volunteered—accessibility or dietary information for events.

HTN does not collect or process consumer-traveller data, nor do we require sensitive “special category” information for ordinary operations.

4. Purpose and Use of Data

HTN processes data to deliver and improve its professional services.

Specifically, we use information to:

  • administer memberships, renewals, and billing;
  • manage the Halal Travel Network Marketplace and related listings;
  • deliver training through the HTN Academy;
  • coordinate events, webinars, and roadshows;
  • facilitate legitimate business networking between verified industry professionals;
  • provide marketing communications where consent has been granted;
  • ensure compliance with our Terms & Conditions and Code of Conduct; and
  • maintain system security and business continuity.

We do not sell, rent, or trade personal data, nor do we engage in consumer-facing advertising.

5. Data Sharing and Processing Partners

HTN engages a small number of carefully vetted third-party providers to support its operations—for example, platform hosts (Tashi.travel), webinar tools (Wasabih), cloud services (Google Workspace), analytics tools (Google Analytics), and secure payment processors (Stripe or PayPal).

Each provider acts under a written Data-Processing Agreement consistent with Article 28 UK GDPR.

They are required to:

  • process data only on HTN’s documented instructions;
  • apply appropriate technical and organisational security measures; and
  • delete or return data at the end of the engagement.

Where an event is co-hosted or sponsored, limited participant details may be shared with those partners strictly for logistical purposes and never for unrelated marketing without additional consent.

For Talent Management campaigns, limited creator or partner details may be shared with campaign sponsors or destination partners for operational delivery, under written confidentiality terms.

6. International Transfers

Because HTN operates globally, data may occasionally be transferred outside the UK and EEA.

Such transfers occur only when adequate safeguards are in place—typically the UK Addendum to the EU Standard Contractual Clauses, or to jurisdictions recognised under a UK adequacy decision.

Where no recognised mechanism exists, explicit consent will be sought before transfer.

7. Retention and Archiving

Data is retained only for as long as required to fulfil its purpose or meet statutory obligations.

Membership and contractual data are generally held for the duration of membership plus two years; financial records for seven years; event data for two years; and marketing consents until withdrawn.

At the end of these periods, information is securely deleted or anonymised.

All archiving and deletion follow HTN’s documented Data-Retention Schedule maintained by the Compliance Lead.

8. Security and Access Controls

HTN maintains layered security measures combining technology and governance:

  • encrypted data transmission (SSL/TLS) and encrypted cloud storage;
  • role-based user access and two-factor authentication for internal systems;
  • regular staff training on privacy and phishing awareness;
  • secure payment gateways certified to PCI-DSS standards; and
  • an incident-response plan aligned with Articles 33 and 34 UK GDPR.

Any suspected breach is investigated immediately. Where a breach is likely to pose risk to individuals, HTN will notify the Information Commissioner’s Office within 72 hours and affected parties without undue delay.

9. Marketing, Photography, and Consent Management

HTN communicates with members primarily for operational reasons. Promotional emails, newsletters, or surveys are sent only to contacts who have opted in under the Privacy and Electronic Communications Regulations (PECR). Every email contains an unsubscribe link.

For events, HTN may capture photographs, video, or audio. Notices are displayed at registration and on-site; anyone may request not to be recorded.

Testimonials, interviews, and case studies are used only with written consent and in accordance with the permissions granted.

10. Cookies and Analytics

HTN uses cookies to ensure site functionality and to analyse aggregate traffic. Essential cookies are automatically enabled; analytics and marketing cookies operate only with consent via the cookie banner.

Detailed information about cookie categories and duration is provided in the HTN Cookie Policy on our website.

11. Your Rights

Under the UK GDPR you have the right to:

  • access a copy of your personal data;
  • request correction of inaccuracies;
  • request erasure where data is no longer needed or processed unlawfully;
  • restrict or object to certain processing;
  • receive data you have provided in a structured, machine-readable format; and
  • withdraw consent at any time for non-essential processing.

Requests should be sent to the data protection officer: david@halaltravel.network. HTN will respond within one calendar month and may request identification to verify authenticity.

If you are dissatisfied with our response, you may contact the Information Commissioner’s Office (www.ico.org.uk).

12. Links, Third-Party Sites, and External Platforms

HTN’s digital channels may contain links to other professional websites or platforms. HTN is not responsible for the privacy practices of external sites and encourages all users to review third-party policies before submitting information. Where HTN embeds third-party applications (e.g., video or payment portals), data shared through those services is subject to the provider’s privacy terms.

13. Governance and Accountability

This Policy operates within HTN’s broader governance suite, which includes:

  • Terms & Conditions – governing contractual use, data ownership, and liability;
  • Code of Conduct – defining ethical, cultural, and digital responsibilities; and
  • Digital Conduct & Data Responsibility Policy – detailing technical protocols for file sharing and intellectual property.

Together these documents establish HTN’s accountability framework under Articles 5 and 24 UK GDPR. All staff, contractors, and Advisory Board members are required to sign an annual data-handling acknowledgment confirming compliance.

14. Policy Updates

HTN reviews this Policy annually or sooner if legal or operational changes occur. The current version is published on www.halaltravel.network with a visible “Last Updated” date. Substantive amendments will be communicated to members via email.

15. Contact

Data Protection Officer – David Archer – Operations Halal Travel Network Ltd - david@halaltravel.network