1 About this Policy
a. This policy explains when and why we collect personal information about holiday guests or potential holiday guests at Coldingham Loch Cottages, how we use it and how we keep it secure and your rights in relation to it.
c. In the event that inaccurate data is recorded, such inaccuracies will be amended by us and any other relevant parties notified immediately.
e. We will always use our best endeavours to comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at ico.org.uk. For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
2 Who are we
We are Coldingham Loch Cottages & Fly Fishing (CLC) and under GDPR, CLC is the “Controller” of member data.
3 What information we collect and why
i. We collect the name, address, telephone number and email address of holiday guests to enable us to manage that guest’s holiday cottage booking. We will also need to collect information like the number in your party, whether or not any of your party will wish to use the Fly Fishing facility on site and any special booking requests.
ii. We may need to collect bank information if we are doing a refund to you by bank transfer. This would only be used for this purpose and would not be held by us once it had been used.
iii. Communications with us regarding your booking such as emails, letters or booking forms.
iv. Individuals have the right to access the details of any personal data we may be keeping. This can be requested either verbally or in writing and requests will be responded to within one month of the request. All requests should be directed through us. A record will be kept for management purposes of each request received.
iv. You have the right to have your personal data being erased and this request needs to be in writing.
Photos and videos are sometimes used on the Coldingham Loch Cottages website for the purpose of promoting its profile. We ask that guests let us know if they do not wish to have any photos of them to be taken or to be published on the websites or other promotional material. This request to opt out of being in any photos or videos can be made at any time by contacting us by email or letter. We will seek Parental consent for Members under 16 years of age prior to any photos or videos being recorded where children may appear. Consent relating to photos or videos may be withdrawn at any time by contacting us by email or letter.
i We do not store any bank information of holiday guests or other persons making payments to Coldingham Loch Cottages.
ii. PCI Compliance. In compliance with the new PCI regulations, we are un-able to capture bank card details over the phone, face to face or via post.
4 How we protect your data
a. We adopt best practices and implement appropriate technical and organisational measures to safe guard and secure data at all times.
b. No sensitive financial information (bank details, debit or credit card information etc) is ever seen, stored or transmitted by us. If using the online booking system, which is PCI compliant, payments are made through PayPal and any information you submit through them is handled and stored securely by them.
c. We will notify you promptly in the unlikely event of any breach of your personal data which might expose you to serious risk.
d. Where a holiday guest suspects a breach of data protection has arisen, they must immediately bring this to our attention.
e. You have the right to take any complaints about how we control your personal data to the Information Commissioner: For more information visit www.ico.org.uk
5 Who else has access to the information you provide
We will never sell or rent your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or as set out above.
6 How long do we keep your information
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you as it will no longer be personal data.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
7. Third party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.