I am committed to ensuring the security and protection of the personal information that I process, and to provide a compliant and consistent approach to data protection in line with UK and EU law.
In general your personal data will be used to provide the information, goods and services offered through my website to you, for billing and order fulfilment.
I ensure that individuals understand what they are providing, why and how I use it and give clear, defined ways to consent to me processing their information. I have developed stringent processes for recording consent, making sure that I can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
The pieces of information that I collect, from your voluntary submission through either the contact from or the booking form, are the following: name, address, email, phone number and your booking details (dates, prices, extras).
Credit card details are processed through the third party Stripe.
I have clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and provide unsubscribe features on all subsequent marketing materials.
I may disclose your personal data; if I sell my business, to agents and service providers and in cases where I am required by law to pass on information or if I believe action is necessary for fraud, cyber crime or to protect the website, rights, personal safety of person/s.
I may also disclose aggregate statistics about visitors to my website (customers and sales) in order to describe my services to prospective partners (advertisers, sponsors) and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.
I am not responsible for the republishing of the content found on this website on other websites or media without my permission.
International Data Transfers & Third-Party Disclosures and Processor Agreements:
Where I use any third-party to process personal information on my behalf (i.e. payment processing, hosting etc), I ensure that they meet and understand their GDPR obligations. These measures include initial and on going reviews of the service provided, that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
Where I store or transfer personal information outside the EU, I have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data.
Data Subject Rights
You have the right to access any personal information that I process about you and to request information via a Subject Access Request (SAR) about:
- What personal data I hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long I intend to store your personal data for
- If we did not collect the data directly from you, information about the source
- The right to have incomplete or inaccurate data about you corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from me and to be informed about any automated decision-making that I use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Data Retention & Erasure
I do not retain personal data for any longer than necessary and have dedicated erasure procedures in place should you wish to exercise the ‘Right to Erasure’
Subject Access Request (SAR)
If you are concerned about your data, you have the right to request access to personal data which I hold or process about you. All the requested information which is not exempt from the right of subject access will be delivered to you within 30-days and is free of charge.
Data Protection and Information Security Measures
I only store the minimum amount of personal information about you to ensure that I can effectively provide you the information you need about my goods and services and the information I need for billing and order fulfilment. All information I collect is stored, archived and destroyed compliantly and ethically by either myself or GDPR-compliant third parties.
I take the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that I process.
I have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:
- SSL (Secure Sockets Layer) Encryption and Certificate
SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data collected about you is passed between the web server and browsers and remains private and integral.
- Secure Payment Processing
I do not store any credit/debit card details as they are processed and held by the reputable third party payment provider Stripe.
- Secure Passwords
All your personal information is password protected.
- Access Controls
I employ access levels on my website, email and booking software to ensure that your personal information is only accessed by the minimum number of pre-approved individuals necessary to ensure quality service.
- Data Breach Procedures
My breach procedures ensure that I have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.
GDPR Roles and Employees
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this website and on others. The most effective way to do this is to disable cookies in your browser. For more information I suggest consulting the Help section of your browser.