Privacy Policy Saddlers Cottage

SADDLERS COTTAGE

DATA PROTECTION, PRIVACY, PROCESSING, COOKIES AND ACCEPTABLE USE POLICIES

 

 

DATA PROTECTION AND PRIVACY POLICY

 

// OUR DATA PROTECTION AND PRIVACY POLICY

Handling of personal data obtained via our Website, Social Media, Email, Telephone and or any other forms of contact.

 

Customer privacy and trust in us is extremely important to the owners of Saddlers Cottage, therefore, we have the responsibility for controlling and processing this information and ensuring it is kept confidential.  Therefore, we want you to know how we use your information and why.  Please also see our separate Data Processing Agreement.

 

We promise respectful treatment of the personal information of everyone we have contact with.  We want it to be simple and clear.

 

The rest of this policy explains how we do that – when and why we collect information, how we use it, the situations when other people can see or use it and how we keep it secure.

 

We don’t sell, rent or trade email lists with anyone else.

 

// GDPR PRIVACY NOTICE

This Privacy Notice explains how information about you is collected, used, and disclosed by Saddlers Cottage when you use our website, services, and or communicate via social media, email, telephone, and or any other forms of contact.

 

This website is not intended for children, and we do not knowingly collect data relating to children.

 

Controller – Saddlers Cottage, Gillian Fox is the controller and responsible for your personal data.  If you have any questions, please do contact us as below:

 

Full name of the legal entity – Saddlers Cottage

Name and address – Gillian Fox, Saddlers Cottage, Broughton in Furness, Cumbria

Email – gillian@foxy4.co.uk

 

// CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF ANY CHANGES

It is important that the personal data we hold about you is accurate and current, therefore, please keep us informed if your personal data changes during your working relationship with us.

 

// THIRD-PARTY LINKS

Our website may include links to third-party websites, plug-ins, and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice of every website you visit.

 

// WHOSE INFORMATION DO WE COLLECT

1. Customers – Who have bought or enquired about accommodation at Saddlers Cottage
2. Suppliers/Associates – Suppliers or potential suppliers of goods or services to us
3. Affiliates/Referrers – Who have signed up to our affiliate scheme or who have referred Prospects to us
4. Employees/Assistants – Our employees/assistants if we have any. Employees should refer to data privacy information relating to their own data to their contract of employment

 

// COLLECTION OF DATA ON CONTACT

We are committed to protecting your privacy and honouring your legal rights to control how we use your personal data.

 

Your data is only collected when we really need to, usually including:

1. Direct interactions
2. Enquiring or booking our accommodation
3. Sending us a message via our Contact Us sections either via our Website or Social Media
4. Entering a competition, promotion or survey
5. Giving us feedback

 

We may collect, use, process and store different kinds of personal data, which could be as follows:

1. Identity – including first name, last name, username, marital status, title, date of birth and gender.
2. Contact – including billing and delivery address, email address, and telephone number.
3. Financial – including bank account and payment card details.
4. Transaction – including details about payments to and from you and other details of services you have purchased from us.
5. Technical – including internet protocol (IP) address, your login data, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
6. Profile – includes username and password, orders made by you, your interests, preferences, feedback, and survey responses.
7. Usage – includes information about how you use our website, products, and services.
8. Marketing and Communications – includes your preferences in receiving marketing from us and our third parties and your communication preferences.

 

Such information is voluntarily sent to Saddlers Cottage by the customer.

 

// WHY WE MAY USE YOUR PERSONAL DATA

We may use information about you for various purposes, including:

1. Creating bookings.
2. Responding to your comments, questions, and requests to provide an efficient and fulfilled service and support.
3. Send you booking/enquiry updates, newsletters and or offers.

 

We may share information about you as follows:

1. In response to a request for information if we believe disclosure is in accordance with any applicable negotiation or legal requirement.
2. To report abuse or illegal activity.
3. Our services may offer social sharing features and other integrated tools, which let you share actions you take on our services with other media, and vice versa. The use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of the data collection and processing relating to social sharing features, please visit the privacy policies of the entities that provide these features.
4. Any feedback information published to our Social Media Facebook page will only be done so by yourself, of which you automatically approve of it being there for the public to see. As such, this feedback information may automatically be placed onto our Website and other Social Media platforms.
5. Any testimonials or reviews sent to Saddlers Cottage will be done so by you, of which you agree for this information to be used on our Website and Social Media platforms.

 

// IF YOU FAIL TO PROVIDE PERSONAL DATA

We may not be able to accommodate your booking.

 

// RECIPIENTS OF YOUR PERSONAL DATA

Data we collect about you via collection at contact or use of personal data.  We may disclose your personal data to recipients whom we are in communications with on behalf of your business, such as client contacts and suppliers.

 

// HOW LONG WE WILL KEEP AND THE DELETION OF PERSONAL DATA

1. We will remove your personal data when we no longer need to process them in relation to one or more of the purposes above.
2. Generally, we will store your personal for as long as there is still an active booking. Otherwise, we will store your personal data for a minimum of 1 week and a maximum period of 5 years following your last enquiry, booking and or cancelation of a booking, unless otherwise agreed by yourselves.
3. In some circumstances, we may anonymise your personal data for research purposes only.
4. If you subscribe to a newsletter or updates list, you will remain on the list/s you joined until you unsubscribe from that list.

 

//DOWNLOADS, NEWSLETTERS AND SERVICES

We monitor who opens what in our newsletter lists and pre-set sequences of information we sent you.  We do this, so we can see if content is popular and generate more of it, or if it is not read.

 

There may be sub-routines that trigger if you click on links or articles.  These are designed to offer you more information about things you are interested in.

 

Existing and previous customers may receive emails about specific offers relating to things you have already purchased.  You can unsubscribe from these at any time.

 

We may use automations (little sequences of emails that start when you ask for something in particular) to send you the information you asked for, to send you products you have bought and to administer services you have subscribed to.  A lot of our onboarding for new products is by emails that send you hints and tips and little videos on ‘how to’.  You can unsubscribe from these at any time, but they do not go on for that long and you might want to wait for all the information as most people find it useful.

 

We monitor who reads our mailing and automations, how many times and which links you choose to use and read.  We use this information to increase the content’s level of interest and help us improve what we send.  You can remove your information from this monitoring by disabling cookies on your website browser before opening emails from us.  From time to time, we contact individual email newsletter subscribers, but it is rare.

 

We use anonymised data about you from time to time to target advertising campaigns based on profiling the sort of person who wants to receive information from us.

 

We ask our own team to contact Prospects from time to time.  This is normally because you have requested a call, or because we are actively trying to let you know about something you may benefit from.

 

We are not a hard sell or cold calling based organisation but prefer to build long term relationships with satisfied and relaxed clients.

 

// SOCIAL MEDIA

We have an active presence on social media.  If you are using social media they are holding and using your information in accordance with their data privacy policy.

 

If you like any of our posts or follow us or contact us on social media we keep a record of that.  Your replies to us, messages you send us and other activity linked to our posts may be seen by members of or team and or our associates if we have any.  Our contracts with them hold them to high standards of protecting your information.

 

// NO SALE OR EXCHANGE OF YOUR DATA

We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.

 

// SECURITY

We have implemented security measures to ensure the confidentiality of your data via physical and logical access controls, backups and logs.  This is to avoid them being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed.  Limited access is given to contractors and other third parties who have a business need to know. 

 

Saddlers Cottage owners and assistants should ensure logging out securely at the end of any working session.

 

// WE MAY SHARE SOME OF YOUR DATA WITH THESE PEOPLE

If we decide to have an outsourced support team for our own business, which may include Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more.  They have limited access to your data, where the service they provide to us means they need it.

 

For example, if our IT support wants to check the functionality of a laptop or back up, they may require temporary access to information that may include something about you.

 

For example, if we invoice you, our Accountant needs to process the information in your invoice or for year-end accounts purposes.

 

Your information/advice is held in the strictest confidence, therefore anyone associated with  [_]  Cottage are all contracted to strict confidentiality clauses.

 

Export and downloading of data is restricted and held to a limited number of individuals who are authorised to back up data.

 

// YOUR RIGHTS

You have the right to know what information we are collecting on you, and to amend it if it is inaccurate.

 

If you feel for some reason, we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.

 

Most of the information we hold is not based on your individual consent but is based on our needing the information to run our business and provide our products and services.

 

// OUR LEGAL BASIS FOR PROCESSING YOUR DATA

Booking or enquiring about accommodation at Saddlers Cottage.

 

// SSL Certificate

Our website utilities industry standard Secure Sockets Layer SSL technology to allow for the encryption of potentially sensitive information.  Information passed between your computer and our website cannot be read in the event someone else intercepts it.

 

This technology includes the following features:

• Authentication – this assures your browser that your data is being sent to the correct computer server and that the server is secure.
• Encryption – this encodes the data, so that it cannot be read by anyone other than the secure server.
• Data Integrity – this checks that the data being transferred to ensure it has not been altered.

DATA PROCESSING POLICY

 

// ABOUT OUR DATA PROCESSING POLICY

The controller (the owners of Saddlers Cottage) /processer (Gillian Fox) will process personal data, that may be linked to specific persons.

 

This Agreement outlines the terms and conditions of the control and processing of Personal Data.

 

// PURPOSE

The Processer must only process personal data for purposes that are necessary to fulfil service obligations such as Enquiries, Bookings, Payments, Cancellations, Reviews and any other forms of contact, such as Feedback.

 

// OBLIGATIONS OF THE DATA CONTROLLER (Saddlers Cottage)

1. Saddlers Cottage warrants that the personal data is processed for legitimate and objective purposes and to ensure that they do not process more personal data than required for fulfilling such purposes.
2. Saddlers Cottage is responsible for ensuring that a valid legal basis for processing exists at the time of transferring the personal data.
3. In addition, Saddlers Cottage warrants that the data subjects to which the personal data pertains have been provided with sufficient information on the processing of their personal data.

 

// OBLIGATIONS OF THE DATA PROCESSOR (Gillian Fox)

1. All processing by Gillian Fox of the personal data provided must be in accordance with the Data Controller Obligations and should comply with any and all data protection legislation in force from time to time.
2. The Processer must investigate immediately if any instruction infringes are made apparent.
3. The Processer must take all necessary technical and organisational security measures, including any additional measures, required to ensure that the personal data is not accidentally or unlawfully destroyed, lost or impaired or brought to the knowledge of unauthorised third parties, abused or otherwise processed in a manner which is contrary to data protection legislation in force at any time.
4. The Processer complies with personal data confidentiality at all times.
5. If the Processer processes personal data for anyone outside of the UK, they must comply with legislation concerning security measures in that country.
6. If the Processer raises the suspicion that data protection rules have been breached or other irregularities in connection with the processing of the personal data occur. Clarification in relation to the scope of the security breach, including the preparation of any notifications to the relevant Data Protection Agency should be undertaken as soon as possible within 24 hours.
7. The Processer must have available all information necessary to allow for contributions to audits, including inspections, conducted by outsourcing if required.

 

// CATEGORIES OF DATA SUBJECTS

1. The Processer will be processing contact-information on actual, potential, or former customers and or members, employees, suppliers, business and collaboration partners, and affiliates.
2. The Processer may split data into categories, such as below:
   1. Identity – including first name, last name, username, marital status, title, date of birth, and gender.
   2. Contact – including billing and delivery address, email address, and telephone number.
   3. Financial – including bank account and payment card details.
   4. Transaction – including details about payments to and from you and other details of services you have purchased from us.
   5. Technical – including internet protocol (IP) address, your login data, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
   6. Profile – includes username and password, orders made by you, your interests, preferences, feedback, and survey responses.
   7. Usage – includes information about how you use our website, products, and services.
   8. Marketing and Communications – includes your preferences in receiving marketing from us and our third parties and your communication preferences.

 

// TYPES OF PERSONAL DATA

1. Contact act and identification information including e-mail
2. IP-addresses
3. Domain-names
4. Usernames
5. Membership information
6. Analytics and usage data
7. Order-history and information
8. Contracts
9. Communication
10. Support
11. Pictures
12. Additional types of personal data may occur

 

// INSTRUCTIONS

Service:

Saddlers Cottage owners and assistants may process personal data concerning the data subjects with the purpose to deliver, develop, manage, administrate, and manage the accommodation services of Saddlers Cottage.

 

Security:

Saddlers Cottage owners and assistants shall ensure the confidentiality, integrity, and availability of personal data.  Implementing systematic, organisational, and technical measures to ensure an appropriate level of security, taking into consideration the state, art, and cost of implementation in relation to the nature of personal data and the risk of the processing.

 

Saddlers Cottage owners and assistants shall provide a high level of security in its services.  This security is provided through technical, organisational and physical security measures which include:

1. Relevant antivirus protection in place.
2. Backup of systems that process personal data.
3. Communications over the internet between systems that handle personal data are encrypted.
4. Classification of personal data to ensure the implementation of security measures.
5. Use of systems and processes that help in involving security in the handling of personal data.

 

Saddlers Cottage owners and assistants is justified to make further decisions about the necessary technical and organisational security measures that must be implemented to ensure the appropriate security level regarding personal data.

 

// RETENTION PERIOD

Personal data stored on the Saddlers Cottage owners and or assistants systems are deleted or anonymised within a reasonable time after the booking completion or cancelation – between 1 week and 5 years.

 

Should you have any questions regarding this agreement, please contact Saddlers Cottage via email: gillian@foxy4.co.uk

 

COOKIES POLICY

 

// COOKIES 

We currently use cookies on our website www.saddlerscottage.co.uk by using this site, you consent to the use of cookies. We use this to conduct information.  They may also carry out anonymous Website analytics, which track visits to the site, the geographical location of the user and browser type/versions used, the pattern of the users use of the service with regards to timing and frequency only and unfortunately, we do not have any control over that.

 

A cookie is stored within your web browser and allows recognition of the site the next time you visit.  If you require the deletion off cookies within your web browser, please take a look at the help pages on your own web browser.

 

Note:  If you decide to "Decline Cookies" on entry to this site you may experience issues accessing areas of the site.

 

Should you have any questions regarding Data, Privacy and or Cookies, please contact Saddlers Cottage at gillian@foxy4.co.uk

 

ACCEPTABLE USE POLICY

 

// ABOUT OUR ACCEPTABLE USE POLICY

The Acceptable Use Policy covers the security and use of all Saddlers Cottage information and or any IT equipment.  It also includes the use of email, internet, voice, and mobile IT equipment.  This policy applies to all Saddlers Cottage owners and assistants, contractors and agents (hereafter referred to as individuals).

 

This policy applies to all information, in whatever form, relating to Saddlers Cottage business activities worldwide and to all information handled by Saddlers Cottage relating to other organisations with whom it deals.  It also covers all IT and information communications facilities operated by Saddlers Cottage or on its behalf.

 

// COMPUTER ACCESS CONTROL – INDIVIDUALS RESPONSIBILITY

Access to the Saddlers Cottage IT systems is controlled by the use of User IDs and passwords.  All User IDs and passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the Saddlers Cottage IT systems.

 

Individuals must not:

1. Allow anyone else to use their User ID and password on any Saddlers Cottage IT system.
2. Leave their user accounts logged in at an unattended and unlocked computer.
3. Use someone else’s user ID and password to access Saddlers Cottage IT systems.
4. Leave their password unprotected (for example writing it down).
5. Perform any unauthorised changes to Saddlers Cottage IT systems or information.
6. Attempt to access data that they are not authorised to use or access.
7. Exceed the limits of their authorisation or specific business need to interrogate the system or data.
8. Connect any non-Saddlers Cottage authorised device to the Saddlers Cottage network or IT systems.
9. Store Saddlers Cottage data on any non-authorised Saddlers Cottage equipment.
10. Give or transfer Saddlers Cottage data or software to any person or organisation outside of Saddlers  Cottage without the owners and or assistants of  Saddlers Cottage’s authority.

 

// INTERNET AND EMAIL CONDITIONS OF USE

Use of Saddlers Cottage internet and email is intended for business use.  Personal use is permitted where such use does not affect the individual’s business performance, is not detrimental to Saddlers Cottage in any way, not in breach of any term and condition of assistance and does not place the individual or Saddlers Cottage in breach of statutory or other legal obligations.

 

All individuals are accountable for their actions on the internet and email systems.

Individuals must not:

1. Use the internet or email for the purposes of harassment or abuse.
2. Use profanity, obscenities, or derogatory remarks in communications.
3. Access, download, send or receive any data (including images), which Saddlers Cottage considers offensive in any way, including sexually explicit, discriminatory, defamatory, or libellous material.
4. Use the internet or email to make personal gains or conduct a personal business.
5. Use the internet or email to gamble.
6. Use the email systems in a way that could affect its reliability or effectiveness, for example distributing chain letters or spam.
7. Place any information on the Internet that relates to Saddlers Cottage, alter any information about it, or express any opinion about Saddlers Cottage, unless they are specifically authorised to do this.
8. Send unprotected sensitive or confidential information externally.
9. Forward Saddlers Cottage email to personal non- Saddlers Cottage email accounts (for example a personal Hotmail account).
10. Make official commitments through the internet or email on behalf of Saddlers Cottage unless authorised to do so.
11. Download copyrighted material such as music media (MP3) files, film, and video files (not an exhaustive list) without appropriate approval.
12. In any way infringe any copyright, database rights, trademarks, or other intellectual property.
13. Download any software from the internet without prior approval of the IT Department.
14. Connect Pocket Watch Assistant devices to the internet using non-standard connections.

 

// CLEAR DESK AND CLEAR SCREEN POLICY

In order to reduce the risk of unauthorised access or loss of information, Saddlers Cottage enforces a clear desk and screen policy as follows:

1. Personal or confidential business information must be protected using security features provided for example secure print on printers.
2. Computers must be logged off/locked or protected with a screen locking mechanism controlled by a password when unattended.
3. Care must be taken to not leave confidential material on printers or photocopiers.
4. All business-related printed matter must be disposed of using confidential waste bins or shredders.

 

// WORKING OFF-SITE

It is accepted that laptops and mobile devices will be taken off-site. The following controls must be applied:

1. Working away from the office base must be requested and agreed prior.
2. Equipment and media taken off-site must not be left unattended in public places and not left in sight in a car.
3. Laptops must be carried as hand luggage when travelling.
4. Information should be protected against loss or compromise when working remotely (for example in public places).
5. Laptop encryption must be used.
6. Particular care should be taken with the use of mobile devices such as laptops, mobile phones, smartphones and tablets. They must be protected at least by a password or a PIN and, where available, encryption.

 

Mobile Storage Devices:

Mobile devices such as memory sticks, CDs, DVDs, and removable hard drives must be used only in situations when network connectivity to Microsoft one drive/dropbox is unavailable or there is no other secure method of transferring data. Only Saddlers Cottage and assistants authorised mobile storage devices with encryption enabled must be used when transferring sensitive or confidential data.

 

Software:

Owners and assistants must use only software that is authorised by Saddlers Cottage on Saddlers Cottage or assistants computers.  Authorised software must be used in accordance with the software supplier's licensing agreements. All software on Saddlers Cottage and or assistants computers must be approved and installed by the Saddlers Cottage and or assistants.

Individuals must not:

Store personal files such as music, video, photographs, or games on Saddlers Cottage IT equipment.

 

Viruses:

Saddlers Cottage and assistants has implemented centralised, automated virus detection, and virus software updates within the system. All PCs have antivirus software installed to detect and remove any virus automatically.

 

Individuals must not:

Remove or disable anti-virus software.

Attempt to remove virus-infected files or clean up an infection, other than by the use of approved Saddlers Cottage and assistants anti-virus software and procedures.

 

Monitoring and Filtering:

All data that is created and stored on Saddlers Cottage and assistants computers are the property of Saddlers Cottage and assistants and there is no official provision for individual data privacy.

IT system logging will take place where appropriate, and investigations will be commenced where reasonable suspicion exists of a breach of this or any other policy.  Saddlers Cottage has the right (under certain conditions) to monitor activity on its systems, including internet and email use, in order to ensure systems security and effective operation and to protect against misuse.

 

Any monitoring will be carried out in accordance with audited, controlled internal processes, the UK Data Protection Act 2018, the Regulation of Investigatory Powers Act 2000 and the Telecommunications (Lawful Business Practice Interception of Communications) Regulations 2000.

 

This policy must be read in conjunction with:

Computer Misuse Act 1990

Data Protection Act 2018 – UK General Data Protection Regulation (GDPR)

 

It is your responsibility to report suspected breaches of security policy without delay to Saddlers Cottage and all breaches of information security policies will be investigated.