How do we get information?
Most of the personal information that we process is provided directly to us for one of the following reasons:
• You have made an enquiry to us
• You have booked a holiday with us
• A customer gives your name, age and gender as part of their booking of a holiday in which you are part of their group (or 'party')
• You agree to pay part or all of the cost of a holiday booked with us.
• You supply products or services to us
Contact with Business
Purpose and Legal basis for processing
Our purpose is to provide self catering holiday accommodation in line with the aims and objectives of our business plan.
Contact with businesses can be both as suppliers of self catering holiday accommodation and as purchasers of goods and services in relation to the enabling of our services.
The legal basis we rely on to process your personal data is article 6(1)(b) where processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
What we need
We collect contact information that you provide about your requirements for holiday accommodation.
We will usually require full postal address, post code, business name, contact name, position in company, telephone numbers and email address.
Why we need it
This information enables us to carry on a business relationship with your business.
What we do with it
We may share this information with others who provide us with supplies or services.
How long we keep it
We will maintain records for the duration of the business relationship or as required to satisfy the requirements of HMCR and Companies House in regard to archived business records.
What are your rights?
You are giving us your personal data so that we can progress a business relationship, so you have the right to object to our processing of your personal data.
There are legitimate reasons why we may refuse an objection, which depends on why we are processing it.
Do we use any data processors?
No
Purpose and Legal basis for processing
Our purpose is to provide self-catering holiday accommodation in line with the aims and objectives of our business plan.
Contact with individuals is as suppliers of self-catering holiday accommodation.
The legal bases we rely on to process your personal data are:
article 6(1)(a) where the data subject has given consent to the processing of his or her personal data for one or more specific reasons.
article 6(1)(b) where processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
What we need
We collect contact information that you provide about your requirements for holiday accommodation.
We will usually require full postal address, post code, contact name, telephone numbers and email address.
Additionally, we ask for the names, ages and gender of each member of a group comprising the enquiry or booking.
In the case of our pet friendly accommodation, we also require the name, age and breed of your pet.
Why we need it
This information enables us to ensure that we are providing suitable accommodation for your needs and maintain contact with you.
What we do with it
We may share a summary of this information with others who provide us with supplies or services.
We do not share special category data.
We do not share age or gender specific information
How long we keep it
We will maintain records for the duration of the business relationship and as required to satisfy the requirements of HMCR and Companies House in regard to archived business records. What are your rights?
You are giving us your personal data so that we can progress enquiries, bookings and provision of self catering holidays. You have the right to object to our processing of your personal data.
There are legitimate reasons why we may refuse an objection, which depends on why we are processing it.
Do we use any data processors?
No
Visitors to our premises
Analytics
When you visit selfcateringstivescornwall.co.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.
Cookies
We avoid using cookies on our websites. In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.
This means that we are in the process of updating tools so that, by default, any cookies will require explicit opt in action by users of our website. This will apply to the non-necessary cookies. We will ensure any necessary cookies for functionality and security are marked so that they are not deleted by the tool.
Security and performance
We use a third party service to collect deposits and payments from our customers. this service is provided by SagePay.
Customers card details are not saved on our servers.
Please refer to the privacy policies published by SagePay for details of how your information is used by their service.
Purpose and legal basis for processing
The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
What are your rights?
As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
Visitors to our premises
We meet visitors at our head office, including:
• dignitaries;
• external training providers;
• job applicants;
• suppliers and tradespeople;
• stakeholders; and
• organisations we may be interviewing about their processing.
If your visit is planned, we’ll send your name and visit information to reception before your visit – so that we can greet you on arrival arrival.
If you arrive without an appointment, you will be asked to provide your name, company name and reason for your visit.
We ask all visitors to sign in and out at reception and show a form of ID. The ID is for verification purposes only, we don’t record this information.
Closed-circuit television (CCTV) operates outside the building for security purposes. The information is viewed by us on a live feed which is recorded for security purposes.
The purpose for processing this information is for security and safety reasons. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
We have Wi-Fi on site for the use of visitors. We’ll provide you with the address and password.
We record the device address and will automatically allocate you an IP address whilst on site. We also log traffic information in the form of sites visited, duration and date sent/received.
We don’t ask you to agree to terms, just to the fact that we have no responsibility or control over your use of the internet while you are on site, and we don’t ask you to provide any of your information to get this service.
The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
Under data protection law, you have rights that we need to make you aware of. the rights available to you depend on our reason for processing your information.
Your right of access
You have the right to find out if we are using or storing your personal data. This is called the right of access. You exercise this right by asking for a copy of the data, which is commonly known as making a ‘subject access request’.
How to access you data
You can make a subject access request to find out what data is held and how it is used. You may make a subject access request before exercising your other information rights.
You can make a subject access request verbally or in writing. We would recommend emailing selfcatering@goldsgroup.co.uk.
If you make your request verbally, we would recommend that you follow it up in writing to provide a clear trail of correspondence. It will also provide clear evidence of your actions.
To exercise your right of access, follow these steps
Step 1
• Identify where to send your request
• Think about what personal data you want to access.
Step 2
• Make your request directly to us.
• State clearly what you want.
You might not want all the personal data that we hold about you. We may be able to respond more quickly if you explain this and identify the specific data you want.
When making a subject access request, include the following information:
• Your name and contact details.
• Any information used by us to identify or distinguish you from other people with the same name (account numbers etc).
• Any details or relevant dates that will help it identify what you want.
For example, you may want to ask for:
• mails between ‘person A’ and ‘person B’ (say from 1 June 2018 to 1 Sept 2018
Step 3
• Keep a copy of your request.
• Keep any proof of postage or delivery.
When can we say no?
We may legally have to refuse your subject access request if your data includes information about another individual, except where:
• the other individual has agreed to the disclosure, or
• it is reasonable to provide you with this information without the other individual’s consent.
In deciding this, we will balance your right to access your data against the other individual’s rights regarding their own information
We can also refuse your request if it is ‘manifestly unfounded or excessive’. In any case we will tell you and justify our decision.
Erasure
Under data protection law, you have rights that we need to make you aware of. the rights available to you depend on our reason for processing your information.
Your right to erasure
You have the right to get your data deleted and in some circumstances we must do so. This is called the right of erasure. You may sometime hear this called the "right to be forgotten"
How to ask for your data to be deleted
You should contact us verbally or in writing. We would recommend emailing selfcatering@goldsgroup.co.uk.
If you make your request verbally, we would recommend that you follow it up in writing to provide a clear trail of correspondence. It will also provide clear evidence of your actions.
The right to erasure is not absolute and only applies in the following circumstances:
We no longer need your data
• You initially consented to the use of your data but have now withdrawn your consent
• You have objected to the use of your data and your interests outweigh those of ours
• We have collected or used your data unlawfully
• We have a legal obligation to erase the data
When can we say no?
We may legally refuse your erasure request if:
• we are legally obliged to keep or hold your data
• we need to keep your data to establish, exercise or defend legal claims.
We can also refuse your request if it is ‘manifestly unfounded or excessive’. In any case we will tell you and justify our decision.
In considering your request, we decide whether we need to erase your data. We will respond to your request either confirming or explaining why we do not consider that we have to erase your data.
Restriction of Processing
Under data protection law, you have rights that we need to make you aware of. the rights available to you depend on our reason for processing your information.
Your right to rectification
You have the right to ask us to rectify information that you think is inaccurate. You also have the right to ask us to complete information that you think is incomplete.
How to get your data corrected
To exercise your right you should inform us that you would like your data corrected.
You should
• state clearly what you believe is inaccurate or incomplete
• explain how we should correct it, and
• where available, provide evidence of inaccuracies (screen shots etc)
A request can be verbal or in writing. We recommend email to selfcatering@goldsgroup.co.uk because this allows you to explain your concern, give evidence and state you desired solution. I will also provide clear proof of your actions.
When can we say no?
We can legally refuse your request if it is ‘manifestly unfounded or excessive’.
In reaching this decision, we can take into account whether a request is repetitive.
In such circumstance we can:
• request a reasonable fee to deal with the request, or
• refuse to deal with the request
In any case we will tell you and justify our decision.
Objection
Under data protection law, you have rights that we need to make you aware of. the rights available to you depend on our reason for processing your information.
Your right to object to data processing
You have the right to object to the processing (use) of your personal data in some circumstances.
If we agree to your objection, we will stop using your data for that purpose.
You have an absolute right to object to us using your data for direct marketing.
How to exercise your right to object?
Before objecting, you should ask us why we are processing your data.
This is because you can only object to processing when we are using your data for:
• a task carried out in the public interest
• our legitimate interests
• scientific or historical research, or statistical purposes or
• direct marketing
You can make an objection verbally or in writing. We would recommend emailing selfcatering@goldsgroup.co.uk.
If you make your objection verbally, we would recommend that you follow it up in writing to provide a clear trail of correspondence. It will also provide clear evidence of your actions.
When can we say no?
We may legally have to refuse your objection to processing your data if:
• we need the data for a legal claim • we have a strong reason to continue using the data that overrides your objection.
We can also refuse your request if it is ‘manifestly unfounded or excessive’.
In any case we will tell you and justify our decision.
Data Portability
Under data protection law, you have rights that we need to make you aware of. the rights available to you depend on our reason for processing your information.
Your right to data portability
This only applies to information that you have guven to us. You have the right to ask that we transfer the information you gave us from one organisation to anothe or to give it to you.
The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
This is called the right to data portability.
How to request your data
You can make a portability request verbally or in writing. We would recommend emailing selfcatering@goldsgroup.co.uk.
If you make your request verbally, we would recommend that you follow it up in writing to provide a clear trail of correspondence. It will also provide clear evidence of your actions.
To exercise your right of portability, contact us and state what it is that you want.
When can we say no?
We can refuse your request if it is ‘manifestly unfounded or excessive’. In any case we will tell you and justify our decision.
Your right to complain
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at selfcatering@goldsgroup.co.uk and we’ll respond.
Managing Customer Contact
This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.
This notice is layered. So, if you wish, you can easily select the reason we process your personal information and see what we do with it.
We’ll tell you:
• why we are able to process your information
• what purpose we are processing it for
• whether you have to provide it to us
• how long we store it for
• whether there are other recipients of your personal information
• whether we intend to transfer it to another country, and
• whether we do automated decision-making or profiling.
The first part of the notice is information we need to tell everybody.
GDPR Contact Details
Please address any GDPR related queries to:
DPO/Controller
Golds Cornish Holidays
Cannock Road,
Heath Hayes,
CANNOCK
Staffordshire
WS12 3HQ
Telephone: 01736 753777
Email: selfcatering@goldsgroup.co.uk