It is important that you read this section of our Privacy Notice so you are aware of how we are collecting or processing personal data about you which complies with the General Data Protection Regulation (GDPR).
We are known as the “Data Controller” of the personal data collected from you to enter into a contract of service delivery.
Information we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data, data such as:
- Identity Data includes title, first name, maiden name, last name.
- Contact Data includes billing address, residential address, delivery address, email address and telephone numbers.
- Transaction Data includes details about payments from you and other details of products and services you have purchased from us.
- Technical Data provided by Google Analytics in relation to the technology on the devices you use to access this website.
- Profile Data includes your personal information and purchases or orders made by you.
- Usage Data includes information about how you use our website, products and services to fulfil contractual obligations.
- Marketing and Communications Data includes your preferences in receiving marketing information from us.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data is data that may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. We treat the combined data as personal data which will be used in accordance with this Privacy Notice.
We do not request any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) to enter into a service contract.
If you fail to provide personal data
Where we need to collect personal data under the terms of a contract we have with you and you fail to provide that data when requested by us, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, or decline your booking, but we will notify you if this is the case at the time.
How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions.
You may give us your Identity, Contact, Transaction and Profile Data by filling in electronic forms (e.g online booking form) or by corresponding with us by post, phone, email or otherwise.
This includes personal data you provide or that you may have provided when you:
- apply for our products or services;
- complete the online booking form;
- make an enquiry;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or via our various advertising platforms;
- give us feedback; and
- have applied for products in the past.
- Automated technologies or interactions.
As you interact with our website, or those of Third Parties, we may automatically collect data from the following parties:
- analytics providers such as Google based inside or outside the EU;
- search information providers inside or outside the EU.
- Contact and Transaction Data from providers of technical and/or payment services inside or outside the EU.
How we process your information
We will only process your personal information if there is a lawful basis to do so. Most commonly, we will use your personal information in the following circumstances:
- When processing is necessary for the performance of a contract or when processing is required prior to entering into a contract with you.
- When processing is necessary for compliance with a legal or regulatory obligation.
- To prevent and detect crime, including fraud.
Generally we do not rely on consent as a legal basis for processing your personal data.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where it is this is required or permitted by law.
Disclosures of your personal data
We may share your personal data with representatives of the Data Controller to enable service delivery to be performed, Third Parties for the purposes of IT hosting information located on servers within the EU, our website providers Kool Booking Systems who are Joint Data Controllers and email providers. Social media platforms may also collect and process your data.
We may also need to share your data for legal reasons including but not limited to insurance claims, tax requirements and/or criminal investigations.
If we do, you can expect a similar degree of protection in respect of your personal information.
We will not sell your data for the purpose of marketing to Third Parties.
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal or regulatory requirements.
By law we have to keep basic information about our customers and suppliers (including Contact, Identity, Financial and Transaction Data) for a certain period after they cease being customers for tax or VAT and insurance purposes.
We will retain your data for 7 years from the date of your booking and contract being fulfilled.
In some circumstances you can ask us to delete your data by emailing us. However if this request is made prior to the contact to supply being fulfilled, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, or decline your booking, but we will notify you if this is the case.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
If you wish to raise a complaint about how your data is being handled, in accordance with the law you can contact the Information Commissioners Office (ICO)
Published 23rd May 2018