(REVISED FOR EU GDPR)
Our Commitment to GDPR
The European Union’s General Data Protection Regulation (GDPR) has taken effect from May 25th, 2018. GDPR regulates the governance of personal data for EU citizens with an emphasis on data security and privacy. The GDPR does not only apply to companies that operate in the EU. This regulation will also impact companies operating outside of the EU if they have any EU customers or personal data of anyone in the EU.
The GDPR imposes additional requirements upon companies to strengthen the security around, and enhance the protection of, personal data of EU residents.
Strawberry Cottage, as a Bed & Breakfast company, has made information security and data privacy foundational principles of every step we take, long before GDPR was ever introduced.
We recognise the importance of passing regulations to advance information security and data privacy for citizens of the EU, and all citizens, regardless of their location.
We are firmly committed to GDPR compliance – please see our GDPR Statement for further in-depth details.
Our main services include, but are not limited to:
- Bed & Breakfast
- Wedding Functions
This Privacy Notice is meant to help you understand what Personal Data we might collect, why we collect it, and what we do with it. It also describes the choices available to you with regard to the use of your Personal Data and how you can access and update this information.
We are committed to protecting the privacy of our websites visitors (“Visitor”), individuals/businesses that purchase our services (“Customer”) and individuals who register with our website or services (“User”).
We have adopted the following principles to govern its use, collection, and transmittal of Personal Data, except as specifically provided by this Policy or as required by applicable laws:
- Personal data will only be processed fairly and lawfully
- We do not collect any more personal data than is necessary to provide the services
- We only use your personal data for the purposes we specify in this Privacy Notice, unless you agree otherwise
- We do not keep your personal information if it is no longer needed
- We do not sell, distribute or share your personal information with third parties
- You can have your data updated at any time
- You can remove your data at any time
- You can request a copy of the data we store on you at any time
- Personal data is securely stored and managed
What Is Personal Data?
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
Personal data is subject to the protection requirements set out in the GDPR.
Examples of data considered as personal data:
- a name and surname
- a home
- an email address such as email@example.com
- an identification card number
- location data (for example the location data function on a mobile phone)
- an IP address
- a cookie session ID
- the advertising identifier of your phone
Examples of data not considered as personal data:
- a company registration number
- an email address such as firstname.lastname@example.org
- anonymised data e.g. statistical data
How We Collect and Maintain Information
We collect and maintain information about our Customers and Users, which may include:
- First and last name
- Postal address
- Phone and mobile number
- Website URL
- Email address
- Credit card information* – Strawberry Cottage does not currently receive or store client credit card details. But we may do so in the future if need arises.
- Other billing information, i.e. order details, subscription and license information
- Profile data of Customer’s authorised users and account administrators
- In addition, we collect User’s profile data (name, email).
In order to communicate with us or to use our services, you may be prompted to provide certain personal data in the following ways:
By filling in forms (i.e. a “Contact Us” form) on our websites or anywhere else we conduct business
- Contact us offline (i.e. by phone, SMS, email or post)
- By downloading or accessing our services
- When you register to use our websites, applications or services. This may include your name, postal address, phone and mobile numbers, URL, email address.
- When you place an order using our websites, applications or services. This may include your first and last name, postal address, phone and mobile numbers, website address, email address and payment details.
- By subscribing to our newsletters, taking part in surveys, post on our message boards, post any blogs, enter any competitions or prize draws, or any other communications
- Interact with us using social media eg Twitter
- By corresponding with us by phone, email or otherwise using our contact details
Typically, the personal data you give us may include name and email address, and any personal details required to resolve any enquiries or complaints.
Customer Support and Service
When Customers or Users contact us for support or other customer service requests, we maintain support tickets and other records related to the requests, including any information provided by Customers or Users related to such support or service requests.
How We Use Personal Data
We use personal data provided by you to provide the services and for business purposes such as processing and fulfilling orders, marketing, and for other general purposes.
We will never share your personal data, or otherwise make your personal data available to any third parties for the purposes of marketing or targeting you. We will not sell, rent, or exchange your personal data with any third-parties. If, for whatever reason this needs to change in the future, we would never do so without your express permission.
We use your personal data we collect to:
- Conduct and develop our business with you
- Operate, evaluate, maintain, improve and develop the websites (including by monitoring and analyzing trends, access to, and use of the websites for advertising and marketing)
- Monitor, carry out statistical analysis and benchmarking (i.e. Google Analytics for sites pages tracking), provided that in such circumstances it is on an aggregated basis which will not be linked back to you or anyone else
- Engage and educate you about our services
- Provide you with documentation or communications which you have requested
- Correspond with you to resolve your queries or complaints
- Provide you with any services you request
- Send you marketing communications, where it is lawful for us to do so
- Protect and ensure safety of the all data collected
How We Protect Your Personal Data
All of your Personal Data remain private and confidential. The security of your Personal Data is extremely important to us.
We follow generally accepted standards to protect personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. All our websites use SSL to encrypt any data that is transmitted from you to our websites, also any forms that are sent from our websites are also encrypted.
However, we adopt physical, technical, organisational and policy measures to ensure that your Personal Data is protected, including the prevention of their alteration, loss, damage, unauthorised processing or access, having regard to the nature of the Data, and the risks to which they are exposed.
We will never request your account credentials. You should never share your account information with anyone else, including your username and password. We recommend that you use a unique password for your appropriate accounts that you have with us on our various services, that is not in any way associated with other websites. You should check your account regularly to ensure that your Personal Data has not been tampered with or altered.
Any suspicious activity regarding your account, including automated messages from parties you cannot identify, should be reported to your website Administrator and us using the contact information below.
Use of Third Party Services For Data Management and Processing
We use various 3rd party services to the collection, management and processing of our data.
Our commitment to data protection and information privacy demands the use of 3rd party services that are also committed to the same end.
All our 3rd party services will be GDPR compliant and will themselves have their own applicable privacy policies.
All such 3rd parties and their relevant policies are listed at the end of this policy notice.
Where lawful to do so, and subject to your consent where required, we may communicate with you about our services. If you wish to unsubscribe from receiving these kind of communications, you may do so at any time.
Cookies are small text files that are placed on your computer by websites that you visit. These text files can be read by these websites and help to identify you when you return to a website. Cookies can be “persistent” or “session ID” cookies. Persistent cookies remain on your computer when you have gone offline, while session ID cookies are deleted as soon as you close your web browser.
We may use both session ID cookies and persistent cookies. For session ID cookies, once you close your browser or log out, the cookie terminates and is erased. A persistent cookie is a small text file stored on your computer’s hard drive for an extended period of time.
In general, cookies are used to retain user preferences, store information, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.
We absolutely cannot take responsibility for any interaction you have with 3rd parties or services that are not directly our own.
Your Rights Under the Personal Data Protection Laws
As our Customer or User, you have the right to:
- Be informed about the processing of your personal data
- Object or restrict the processing of your personal data
- Ask for a copy of the information about the data we store on you at any time.
- Correct, update, amend, or remove personal data. If you no longer want to use our services, you may request it to be deactivated at any time.
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
- The right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can also contact us using the details below.
Your Responsibilities Under the Personal Data Protection Laws
It is important to note that you also have responsibilities when it comes to Data Protection.
One such important case is where you may request from us a copy of the information about the data we store. We are obliged to ensure that the request is legitimate and does in-fact originate from you.
In this regard, we will undertake steps in an attempt to verify the legitimacy of the request, before releasing such information. If you do not cooperate in this, or we cannot satisfiably verify legitimacy, we may not release such information in a timely manner. To act otherwise could represent a significant breach of privacy. As such, we request your full cooperation in this regard – any requests on our part to verify your request will be undertaken solely to protect against breach of your personal information.
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
Automated Decision Making
We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved.
We’ll do this where it is necessary or is based on your explicit consent.
Data Retention Period
Data Retention Period is the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period.
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- for as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
- for as long as we provide services to you
- retention periods in line with legal and regulatory requirements or guidance
If none of these criteria apply, we commit to purging any Personal Data no later than 16 months following your latest interaction/exchange with our services.
Example of long-term data retention
We are required by law to be able to report sales and tax information for up to 7 years. In this case we must retain any pertinent information of these transaction. We will have no choice to but to refuse any requests to erase this type of information from our records as they are required by law.
Changes to this Privacy Notice
We may change this Privacy Notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this Privacy Notice for changes whenever you visit our websites.
Our Data Protection Officer
We are a dedicated data controller of your personal data. We have a Data Protection Officer you can reach any time by using the details below.
How To Contact Us
If you have any questions about this Privacy Notice or complaints about how we process your Personal Data and you want to contact our Data Protection Officer, you can do that by going to the Contact Us section of our websites or send email to bookings@StrawberryCottage.co.uk. Your issue will be resolved as quickly as possible.