Glenegedale House is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This privacy notice sets out, in line with GDPR, the types of personal data that we collect and process about our guests and web-site visitors. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
Who we are
Glenegedale House is a data controller, meaning that it determines the processes to be used when using your personal data.
Our contact details are as follows:
Glenegedale House, Glenegedale, Islay, Argyll PA42 7AS
Email : firstname.lastname@example.org
Data protection principles
In relation to your personal data, we will:
- process it fairly, lawfully and in a clear, transparent way collect your data only for specified and specific purposes
- only collect the minimum information we need to meet the purpose
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it securely, reducing the risk of it being lost or stolen.
What data we collect about you
Personal data means any information capable of identifying an individual. It does not include anonymized data. We may process certain types of personal data about you as follows:
- Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
- Contact Data may include your billing address, email address and telephone numbers.
- Financial Data may include your bank account and payment card details.
- Transaction Data may include details about payments between us and other details of purchases made by you.
- Technical Data may include, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access our website.
- Profile Data may include bookings you have made with us in the past, your dietary requirements, preferences, feedback and survey responses.
- Usage Data may include information about how you use our website
Why we process your data
There are 6 lawful reasons for processing personal data, which are:
- You give consent for us to process your data
- It is necessary to fulfil a contractual obligation with you
- There is a regulatory obligation on us to do so
- It is in the legitimate interest of the company to do so
- It is in the public interest to do so
- It is in your vital interest to do so.
How we collect your data
We collect personal data about you through a variety of different methods including:
- Direct Interactions: You may provide data when filling in forms on the website (or otherwise) by communicating with us by post, phone, email, or otherwise, including when you:
- Make a booking
- Request marketing material be sent to you
- Give us feedback
- Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
- Analytics providers such as Google based outside the EU;
- Identity and Contact Data from publicly available sources such as LinkedIn
We do not collect sensitive data.
Protecting your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
Where we share your data with third parties, we provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
We will retain certain Personal Data in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which in the UK may be up to 6 years after a particular transaction).