This is a generic template which should be adapted to your business – it is offered for information only. The accuracy of this policy is not legally binding. Use at your own risk.
We are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection in line with UK and EU law.
In general, your personal data will be used to provide you with the information, goods and services offered through our website, and for billing and order fulfilment.
We ensure that individuals understand what they are providing, why and how we use it and give clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
The pieces of information that we collect, from your voluntary submission through either the contact form or the booking form, are the following: name, address, email, phone number and XXXXXXXX.
We have clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and provide unsubscribe features on all subsequent marketing materials.
We may disclose your personal data if we sell our business, to agents and service providers, and in cases where we are required by law to pass on information or where we believe action is necessary in relation to fraud or cyber crime, or to protect the website, rights or personal safety of any person(s).
We may also disclose aggregate statistics about visitors to our website (customers and sales) in order to describe our services to prospective partners (advertisers, sponsors) and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.
We are not responsible for the republishing of the content found on this website on other websites or media without our permission.
International Data Transfers & Third-Party Disclosures and Processor Agreements:
Where we use any third party to process personal information on our behalf (e.g. payment processing, hosting etc.), we ensure that they meet and understand their GDPR obligations. These measures include initial and ongoing reviews of the service provided, and checks that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
Where we store or transfer personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data.
Data Subject Rights
You have the right to access any personal information that we process about you and to request information via a Subject Access Request (SAR) about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
- The right to have incomplete or inaccurate data about you corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Data Retention & Erasure
We do not retain personal data for any longer than necessary and have dedicated erasure procedures in place should you wish to exercise the ‘Right to Erasure’.
Subject Access Request (SAR)
If you are concerned about your data, you have the right to request access to personal data which we hold or process about you. All the requested information which is not exempt from the right of subject access will be delivered to you within 30 days and is free of charge.
Data Protection and Information Security Measures
We only store the minimum amount of personal information about you to ensure that we can effectively provide you with the information you need about our goods and services and the information we need for billing and order fulfilment. All information we collect is stored, archived and destroyed compliantly and ethically by either ourselves or GDPR-compliant third parties.
We take the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process.
We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:
SSL (Secure Sockets Layer) Encryption and Certificate
SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data collected about you that is passed between the web server and browsers remains private and integral.
We employ access levels on our website, email and booking software to ensure that your personal information is only accessed by the minimum number of pre-approved individuals necessary to ensure quality service.
Our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.
GDPR Roles and Employees
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this website and on others. The most effective way to do this is to disable cookies in your browser.