About this Privacy Notice
At The Croft Cabin we take the protection of Personal Data seriously. In this Privacy Notice we’ll explain what Personal Data we collect from you, how we use and share that data, how we keep your Personal Data safe, and how long we keep it for. We’ll also explain how we Process your data (and the Legal Basis for doing so) and help you to understand your Personal Data Rights. We have tried to keep things simple, there are however some concepts and legal terms that we’ll sometimes need to use. We’ve tried to use plain English wherever possible but if you have any questions about this Data Privacy Notice or would like additional clarification, please contact: email@example.com.
What do we mean by Personal Data?
Personal Data is any information that could be used (directly or indirectly) to identify you. That could be anything from your name and address, your bank details, your email address, an image or recording of you, your IP address or any other data that could be used to identify you. Occasionally we collect and process another type of Personal Data called Special Category Personal Data.
What do we mean by Processing your Personal Data?
Processing Data simply means doing something with your Personal Data. That could be as straightforward as collecting it or sharing it, or as complex as modelling the data or appending values to the data. If a company or organisation does anything with your Personal Data, they are Processing it.
What do we do with your Personal Data?
In this section we’ll explain how we Process your Personal Data and the Legal Basis for doing so. We’ll also explain what a Data Controller and a Data Processor is. We have tried to use plain English wherever possible, but it is important you understand what these legal terms mean.
The Personal Data we collect
We collect your Personal Data when you contact us online through the “Contact form” on the website, and where you interact with us on social media. We operate pages on Facebook. If you are a user of this service, you can contact us publicly or in a direct message and share information with us on those pages if you wish to. We won’t ask you for any Personal Data on social media or discuss details of your event, but we will be more than happy to call you back or email you. Where you interact with us on social media, Personal Data may be collected by the platform provider with whom you have an account who may use it independent from us. We have no control over, and accept no liability for, how they use your Personal Data. You can access more information about how they use data gathered from their websites here: Facebook https://en-gb.facebook.com/policies/cookies/
What is a Data Controller?
The Croft Cabin is a Data Controller. That means we’re responsible for determining what happens to the Personal Data we collect, including how we Process it. As a Data Controller we’re also responsible for monitoring and approving the Data Processors we pass your Personal Data to.
What is a Legal Basis to collect and Process Personal Data?
Under GDPR (the General Data Protection Regulation) there are a number of Legal Bases that a Data Controller can use to Process or share Personal Data. The Legal Bases The Croft Cabin rely on to Process your Personal Data are:
Consent means you’ve given us clear and informed permission to Process your Personal Data. Consent is a Legal Basis to Process Personal Data. An example might be where you have asked us to send you promotional materials. Remember, you can withdraw your Consent at any time.
Our Contract with you
When you book our services you enter into a contract with us. A contract is a Legal Basis to Process Personal Data.
How we Process the Personal Data we collect
Your name and contact details We use your name, address, email address and telephone number to communicate with you. We will only send you Messages that relate to your booking or in regard to an enquiry. We may also use your telephone number to contact you about your booking/enquiry. Your payment details and transaction history We collect your payment details when you pay for a service from The Croft Cabin. We use your payment details to manage your account, and process your monthly payments if you are paying in installments. We may also use a third party Data Processor to verify your payment details and identity when you join. Other ways we use Legitimate Interest to Process your Personal data We Process your Personal Data as part of our normal business functions. Those activities include;
* The operation and testing of our Information Technology systems.
* Analysis and monitoring for business planning.
* Communications activity and events administration. Please note that where you interact with us or provide Personal Data to our social media pages using your social media accounts this may result in the processing of your Personal Data outside the European Economic Area by the relevant social media platform. The basis upon which any such Personal Data may be transferred outside the EEA is determined by the platform provider. You can access more information about how the hosts of our current social media accounts use data gathered from their websites here: Facebook https://en-gb.facebook.com/policies/cookies The Personal Data we collect and Process when you visit our website It’s important to us that we give our website visitors the best possible experience when they use our site. We use a number of tools to help us monitor activity on our website. We use Consent as the Legal Basis to collect and Process this data.
Some cookies are necessary to enable our website to operate. These cookies do not rely on your Consent because they are required for the function of our website.
Session cookies are temporary cookies that are downloaded to your device’s temporary memory. They have no expiration date and are typically erased when you close your web browser, but some can persist longer. When you continue to browse our website, you are giving your Consent to the use of these cookies. Persistent cookies
Persistent cookies are downloaded to your computer so that when you close your browser they remain on your computer. Persistent cookies have an expiration date. When you continue to browse our website, you are giving your Consent to the use of these cookies. Where we use 3rd party social media sites these sites may also set analytics cookies which can result in those sites processing data about your visit. How these cookies are set and what information they gather is determined by the social media platforms. They use the information from cookies to provide us with anonymous statistical information about visitors to our pages on their sites. Depending upon your browser settings these cookies may be set on your device this can occur regardless of whether you have an account on the platform or not. We have public pages on Facebook and Instagram you can access more information about how they use data gathered from their websites here: Facebook https://en-gb.facebook.com/policies/cookies/
What cookies do we use?
A google tracking cookie that helps us understand the way visitors interact with our websites to improve our website and services. It saves information about IP address, user behaviour on the site, such as clicks, scrolls, and mouse movements, information about users’ operating systems and browsers is saved.
This measures visitor behaviour on our website and helps us attract new players using online paid search adverts via Google. If you wish to opt out of Google cookies visit: https://tools.google.com/dlpage/gaoptout
Disabling cookies If you’d prefer not to allow cookies, you can choose to disable cookies via your web browser. Your experience of our website may be compromised if you choose to disable cookies. Please be aware that disabling cookies will disable all cookies in your web browser. If you’d prefer to stop online advertising only you can use ad blocking in your browser. Many web browsers now come with this as standard For more information about online advertising you can visit www.youronlinechoices.com/uk/
What cookies do we use?
Your Personal Data Rights Under GDPR (the General Data Protection Regulation) you have a number of Personal Data Rights you can exercise over your Personal Data. We’ll explain those rights and how you can exercise them here.
Your Right to be Informed
We believe it is important that you fully understand what we do with your Personal Data. This is known as the Right to be Informed. This Privacy Notice gives detailed information about the type of Personal Data we collect, how we Process that data, and how we share that data with Data Processors and other Data Controllers. We’ll inform you:
* Of your Data Protection Rights?
* When we share your Personal Data with Data Processors or other Data Controllers
* Of the purpose of and Legal Basis for our Processing
* About the implications of not providing Personal Data we have requested under a Contractual or Legal requirement
* How to withdraw Consent you have given previously
* About the length of time we retain your Personal Data for and the reasons we do
* If we want to change the way we Process your Personal Data we’ll inform you beforehand and give you an opportunity to object
* If and how we obtained your Personal Data from a third party?
You can withdraw your Consent at any time by emailing: firstname.lastname@example.org.
Your Right to Correct Personal Data we hold
Although we make every effort to ensure your Personal Data is complete, up-to-date and accurate we recognise that sometimes mistakes happen. You can ask us to correct your Personal Data at any time. This is known as the Right to Rectification. You can ask us to amend your Personal Data by emailing email@example.com
Your Right to Access your Personal Data
You have the right to ask for a copy of your Personal Data we hold. You can also request copies of any Personal Data we have shared with our Data Processors and any other Data Controllers.
Your Right to Erasure
We recognise that sometimes you’d rather we erase some or all of the Personal Data we hold. This is known as the Right to Erasure. Your Right to Restrict Processing You have the right to ask us to restrict the way we Process your Personal Data. Your Right to Complain
We pride ourselves on our high standards of customer service. Even with the best of intentions we recognise that we may sometimes fall short. If you want to complain and the complaint relates to your Personal Data you can contact us at: firstname.lastname@example.org if you remain unsatisfied with our handling of your complaint you can complain to the Information Commissioner’s Office (ICO). You can find out more about that right and the process at http://www.ico.org.uk or by writing to the ICO at:
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 ( national rate)
Your Right to be Informed if your Personal Data is Compromised In the unlikely event that the Personal Data we hold is breached or compromised in a significant way that would create a high risk to your rights and personal freedoms, we’ll contact you without delay to let you know:
How we keep your Personal Data safe
At The Croft Cabin information security is very important to our business. We are fully committed to ensuring information security, confidentiality, and integrity. The information you send us online The methods we use to ensure data is safeguarded while being sent over the internet are industry-standard. When information reaches us, we store it securely and only provide access to authorised personnel.
How we restrict access to your Personal Data
The Croft Cabin maintains strict physical, electronic and administrative safeguards to protect your Personal Data from unauthorised or inappropriate access. Personal Data collected by us is stored in secure operating environments that are not accessible by the public. In the unlikely event that an employee misuses that information they will be liable to appropriate legal and disciplinary sanctions.