Return to website

Privacy

Terms and Policies

Cookie Policy | Privacy Policy | Terms of Use | Disclaimer Policy

 

Your Data and Information Safe in our Hands

Definitions

When we use the terms "Our Website" we are referring to this website, or "Our Company", "Our Business", "Us" , "We", "Our", we are referring to our Company.

When referring to "information" we refer to data, either recognisable or anonymous.

The Data Protection Act 1998 and The General Data Protection Regulation.

We process your data in accordance with the Data Protection Act and the GDPR under UK Law. The purpose of this privacy policy is to inform anyone who may potentially send us their personal data and what data we are willing to receive.

  • a) Why we request data and what data we are willing to accept.
  • b) How long we retain this data (legal requirement or business requirement)
  • c) If data is disclosed to a 3rd party.
  • d) how you can find out what data we hold about you and your right to request erasure or restricted processing, where data is not held and processed as a requirement by UK Law or a UK regulatory requirement.

Strictly no special or sensitive data (special and sensitive data as outlined in the GDPR) will be requested or should be submitted, emailed or transmitted to us via email or any other contact method.

To process an enquiry you may have, we only accept the following personal data. Full name, telephone number, email address, along with your enquiry, so that we can reply to the enquiry.

To process a booking or order, we will only accept the following personal data. Full name, telephone number, email address, along with your booking/order information so that we can process your booking or order.

To process an online deposit, part payment or full payment online, we use a PCI-DSS level One compliant and approved booking/order system and/or payment gateway to accept your card or paypal payment as required by Debit and Credit card companies.

We want you to feel secure when visiting our website, or submitting form data or sending us emails, and are committed to respecting your privacy. Below we give an overview of how we do that.

We comply with the principals of Article 5 of the General Data Protection Regulation.

  • a) processed lawfully, fairly and in a transparent manner in relation to individuals;
  • b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  • c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  • f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

 

1: The personal data we collect from our website or email:

Website Access, Recognisable Data: When you access our website our web hosting, the hosting servers stores certain data indirectly within daily access logs. This recognisable data contains your external internet I.P address only. This data is used solely for fraud detection, to detect malicious attacks, detecting unauthorised access and for maintaining the general security and traffic management of our systems. Based upon this information certain IP addresses or IP address ranges that overuse bandwidth or cause a security concern will at our discretion be banned/blocked from connecting to our website. Those IP addresses will be stored and processed for a period of 5 years, but reviewed annually to see if any IP addresses no longer pose an issue to our data, systems and networks. All other daily access log data will be erased within 30 days from that IP's daily connection.

  • a) We collect personal data Indirectly and Directly.
  • b) We collect Recognisable Personal data and Anonymous data.

Anonymous Data & Cookies: Because we comply with the EU/UK Cookie Law, to ensure we have made you aware of the cookies we use, and our privacy policy (by display this to you as a popup), we save a cookie to your device when this popup is displayed to you. This cookie is an anonymous cookie, which cannot be used by us or others to recognise you or your device. The cookie is named EUCookiedirective and the data is "IMPLIEDCONSENT", this cookie is expired on your device every 30 days, and we will repeat the action above when that cookie has expired.

Contact Recognisable Data: We also collect data when you give it to us. For example, you may email us by using a link from our website or use a website form to pass the information we have requested from you, or you wish to submit to benefit from our services/products/newsletters etc, which will then allow us to reply to your enquiry. When we collect this type of information, we will notify you as to why we are asking for it and how this information will be processed, how long it will be retained and who it will be shared with.

Recognisable Data & Cookies from Social & Media networks: When visiting our social media pages which are supplied by various online media networks such as twitter, facebook, google, bing, tripadvisor, instagram, linkedin, you tube or any other media. The privacy policy, data policy and cookie policy of that online media network where you have an account with them and have already accepted that policy applies to any data they will process, or where you do not have an account with them, they will disclose their privacy policy, data policy and cookie policy on their website.

2: Data Processing & Retention We retain the following data where we take or process it, because of a legal requirement or business requirement to do so.

This data processing and retention policy is provided to demonstrate the retention period of data, when that data is sent to us via our online websites, 3rd party websites, social media or via direct or indirect email communications. This policy is subject to change when either required by UK law or to better align our data processing, archiving and retention policy in accordance with UK regulation, legal requirements or lawful business requirements.

  • a) Our Business ~ Enquiries not resulting in a purchase, 30 days
  • b) Our Business ~ Booking or Order Cancellations, 5 years
  • c) Our Business ~ Refunds or Credit Notes, 6+1 years
  • d) Our Business ~ Threat or Potential of Legal Action, 15 years
  • e) Our Business ~ Other data not covered by UK regulations/law, 3 years
  • f) Companies Act/HMRC ~ sales/purchasing/cash/payments data for 6+1 years.
  • g) Taxes Management Act ~ Payroll for 6+1
  • h) The Reporting of Injuries 1995 ~ Accident Incidents 3 years past date
  • i) Discrimination Acts/Race Relations ~ job application unsuccessful, 6 months
  • j) SSP Regulation ~ Sickness, 3 years after end of tax year
  • k) Limitations Act 1960 ~ Leases, fifteen years after expiry
  • l) DPA ~ Pension Scheme, 6 years after death
  • m) DPA ~ Insurance records, 3 years post lapse
  • n) Employers Liability regulation ~ insurance certificates 40 years
  • o) DPA ~ Claims Correspondence, 3 years after settlement
  • p) Companies Act ~ Health and Safety permanent

 

How do we use information?

We may request or accept information from you in order to process an enquiry you have regarding the products or service that we deliver/provide.

We also take and process data regarding sales and purchases (you make) and retain and process that data within the confines of UK regulations and laws, including the GDPR.

We may also use data for other purposes, which we would inform and describe to you at the point at which we collect that information.

When we request information within a form, for example a Call to Action form or Contact form, we will display a link to this document and ask you if you are happy with this Privacy Policy before you submit your information.

3: Do we disclose or Share your information with other organisations.

Your data can be collected by our bookings or purchasing suppliers or our payment gateway provider, when this is the case our partner who is authorised by us to take this data, will provide you with a privacy policy and will outline why data is being taken and how it will be processed and for how long it will be retained.

We do not share any of your data with any other organisations unless the law permits us to do so.

We do not sell individual information.

We will share data only with our authorised Data Processors, who must act at all times on our instructions as the Data Controller within the confines of the Data Protection Act 1998 and the General Data Protection Regulation.

Before you submit any information, we will notify you as to why we are asking for specific information and it is up to you whether you provide it.

4: Access to Data/Information we hold about you.

You are entitled to know whether we hold information about you and if we do, to have access to that information and require it to be corrected if it is inaccurate.

You can also request that any data we have be erased or have a restricted processing policy place upon it, unless there is a legal requirement or business reasons why it cannot be, in which case we will offer a full explanation for any rejection for that request.

You can do this by contacting us via email through our website and addressing the subject and/or body to "The Data Protection Officer". Your data is kept secure as required by the data protection act (GDPR).

5: Security

We take appropriate steps to maintain the security of your Online data when it is stored in the Cloud.

  • a) Hosting for this website is located within a secure Data Centre, monitored by CCTV, and accessible only be approved personnel with specific security privileges based upon the data centre requirements.
  • b) The information contained within our hosting space and associated hosting services are secured with appropriate firewall policies and security permissions as well as authentication levels of access.
  • c) Emails can also be received or sent using secure connections.
  • d) Where we request card payments, an appropriate payment taking service and/or Gateway provider with a compliant pci-dss compliancy level required by the credit and debit card companies, will take card payments on our behalf.

We take appropriate steps to maintain the security of your Offline data stored within our own local storage solutions.

  • a) Where we request card payments via Chip and Pin or Payment Card Not Present payments, we are pci-dss certified and undertake regular quarterly scanning as required by the Debit and Card companies PCI-DSS compliancy requirements.

The open nature of the internet means that your data may flow over networks without security measures and may be accessed and used by people other than those for whom the data is intended.

Our intention is that this should not happen and we take measures to ensure that it does not, though we advise that all individuals who submit personal information to us, do not use Open Wi-fi or free secured wi-fi networks to communicate their data to us, without using secure email SSL or TLS connections or secure website communications to add an additional security measure to the data that they are sending.

No Tracking Analytics - for our online visitor's piece of mind

UK websites often use implied consent to execute free 3rd party tracking and analytics code to record their visitor's movements and even their purchases. It is the website owner's responsibility where tracking/analytics are installed and executed to inform the visitor how their business and the 3rd party tracking/analytics company will use your data.

7: If you do not want to be tracked on the Internet by other 3rd party website analytics and tracking services!

The majority of EU and worldwide websites track your visits and even purchases online using 3rd party tracking services, these providers may also use that data for their own needs or share that data with others.

The new Mozilla v58 browser can block tracking analytics, not using a "Do Not Track" which websites ignore, but by blocking the website tracking/analytics code so it is not executed.

Settings / Options / Privacy & Security / Tracking Protection.

This will block one of the widest used free 3rd & 1st party analytics provider, Google Analytics.