Summary
Our full privacy policy is explained below, but the main points to note are:
We will put appropriate security measures in place to protect the personal data that you share.
We will only ever ask for what we really need to know.
We will collect and use the personal data that you share with us transparently, honestly and fairly.
We will always respect your choices around the data that you share with us and the communication channels that you ask us to use.
We will never sell your data
When we re-open in April 2021 we may be required to collect and retain your personal data for Track and Trace purposes. We will publish a separate policy and amend this one to reflect the government requirements at that time. Of course, we are happy to answer any questions now.
Who we are
We’re the firm of R&F Trevor, trading as the Eddrachilles Hotel, a husband and wife sole trader enterprise, privately owned and directly managed by the owners, and we are committed to safeguarding your privacy. This Privacy Policy (“Policy”) sets out our data collection and processing practices and your options regarding how your personal information is used.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
The provision of your personal data to us is voluntary. However, without providing us with your personal data, you may be unable to (as appropriate) take an action such as making a booking for accommodation or apply for employment.
.
Privacy Policy
1. How we use the information to help us run the hotel effectively:
We may use your information to:
·process bookings or general enquiries that you have submitted via the website form or by telephone;
carry out our obligations arising from any accommodation bookings or sales contracts you have entered into by you and us;
notify you of changes to our organisation;
send you communications which you have requested and that may be of interest to you. (These may include information about the booking or services about which you have enquired or any of our other activities)
process a job application.
conduct research into the impact of our marketing or PR campaigns;
2. What information do we collect?
The type and amount of information we collect depends on why you are providing it.
We will usually ask you for your name, email address and telephone number. We also routinely ask for details of any allergies or accessibility issues which we may need to address to make your stay at the hotel safe and comfortable.
However, we may request other information where it is appropriate and relevant, for example if we are processing a booking. This additional information might include:
(1) Details of why you have decided to contact us, or
• Your physical address
• Your bank details or debit/credit card details to secure a booking or other make other payment;
(2) information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type, referral source, length of visit and number of page views;
(3) information about the services you use, services and products of interest to you or any marketing and/or communication preferences you give; and/or
(4) If you are a job applicant the information you are asked to provide is as set out in the application and necessary for the purposes of considering the application.
(5) any other information shared with us in relation to the different purposes set out at clause 1
Do we process sensitive personal information?
Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In limited cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so; and will only do so with your explicit consent.
3. Communications and marketing
Where you have provided us with your physical address, we may contact you by post; and where you have provided appropriate consent, also by telephone and e-mail, with targeted communications to let you know about our special offers and/or activities that we consider may be of particular interest..
4. Third-party payments
We may pass your information to our third-party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process accreditations or send you mailings).
These third parties have access to your Personal Information only to perform these specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.
5. Children’s data
We do not knowingly process data of any person under the age of 16. Bookings have to be made by an adult. If we come to discover, or have reason to believe, that you are 15 and under and we are holding your personal information, we will delete that information within a reasonable period and withhold our services accordingly.
6. Other disclosures
We will disclose your Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
International Transfer
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. This is because we work with trusted suppliers, for example for backing up data or our hotel booking application provider, who are a US company or who utilise servers based outside the EEA.
If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the information, including Personal Information, to the United Kingdom and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of Scotland shall have exclusive jurisdiction over the matter.
7. Security of and access to your personal data
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure or of access to your personal information.
Your information is only accessible by appropriately trained staff, volunteers and contractors.
The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation.
Otherwise than as set out in this Privacy Policy, we will only ever share your data with your informed consent.
8. Your rights and how consent works
You have a choice about whether or not you wish to receive information from us. If you do not want to receive communications from us, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:
(1) Right to be informed – you have the right to be told how your personal information will be used. This Policy and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
(2) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 30 days to comply. A
(3) Right of erasure – as from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you, rather than delete it.
(4) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
(5) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
(6) Right to data portability – to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
To exercise these rights, please send a description of the personal information in question using the contact details in section 14 below.
Where we consider that the information with which you have provided us does not enable us to identify the personal information in question, we may ask you for (i) personal identification and/or (ii) further information.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance – https://ico.org.uk/for-organisations/guide-to-the-general-data-protectio...
You are further entitled to make a complaint about us or the way we have processed your data to the Information Commissioner’s Office (“ICO”). For further information on how to exercise this right, please see the guidance at https://ico.org.uk/for-the-public/personal-information. The contact details of the ICO can be found here: https://ico.org.uk/global/contact-us.
9. Lawful processing
We are required to have one or more lawful grounds to process your personal information. Only 4 of these are relevant to us:
(1) Consent
We will ask for your consent to use your information to send you electronic communications such as newsletters and marketing emails, for targeted advertising, and if you ever share sensitive personal information with us.
(2) Contractual relationships
Most of our interactions with subscribers and website users are so that we can enter contractual relationships with people. For example, if you apply for employment, or if you make a enquire about availability of hotel accommodation, or if you make a booking for accommodation.
(3) Legal obligations
Sometimes we will be obliged to process your personal information due to legal obligations which are binding on us. We will only ever do so when strictly necessary.
(4) Legitimate interests
Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities (as long as its use is fair, balanced and does not unduly impact individuals’ rights).
We will rely on this ground to process your personal data when it is not practical or appropriate to ask for consent.
When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.
10. Data retention
In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we remove your personal information from our records three years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you ask us to delete it we will remove it from our records at the relevant time.
In the event that you ask us to stop sending you direct marketing or other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.
We review our retention periods for personal information on a regular basis (see item 11 of this Privacy Statement). We are legally required to hold some types of information to fulfil our statutory obligations, and please note there is ongoing discussion about how far a law generally regarded as obsolete should still apply for hotel accommodation bookings. You can request to remove your personal information at any time by emailing
11. Policy amendments
We keep this Privacy Policy under regular review and reserve the right to update from time-to-time by posting an updated version on our website, not least because of changes in applicable law. We recommend that you check this Privacy Policy occasionally to ensure you remain happy with it. We may also notify you of changes to our privacy policy by email.
12. Third party websites
We link our website directly to other sites, e.g.sites about local attractions and events close to the hotel . This Privacy Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.
13. Updating information
You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at info@eddrachilles.com
14. Contact
We are not required by law to have a “Data Protection Officer” – however we have a partner of the firm who is responsible, Fiona Campbell Trevor.
Please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed by either emailing the Partner for Data Protection at info@eddrachilles .com
or by writing to us at the following address:
Eddrachilles Hotel, Badcall Bay by Scourie, LAIRG, Sutherland, IV27 4TH