Your Data and Your Privacy
In order to fulfil our contractual obligations to you (our guests or potential guests) we have to collect and keep secure certain information that identifies you, known as Personally Identifiable Information (PII).
We are committed to protecting and respecting your privacy.
Changes to the Data Protection laws and the introduction in May 2018 of the GDPR (General Data Protection Regulation) require us to provide the information below regarding the processing go your PII.
Who we are and what we do
We are Andrew and Skipper Roland, t/a Hook Cottage, providing holiday rental accommodation which is located in Chipping Campden. We determine how and why your personal data is processed and as such we are the data controller.
We are registered with the Information Commissioners Office.
What we collect
Personal information supplied by you on an enquiry/booking form/email/telephone call, which may include your name, address, email address, telephone number and any other information specific to your booking, including the names, number, sex and age range of your party, and any other information that is relevant to our meeting your holiday requirements and providing you with the best service.
Your IP address is also classed as Personally Identifiable Information, and is included in any emails you send. we use Google Analytics (GA) to help us review our marketing performance; GA is configured to analyse your IP address.
We do not collect any information about you that is financially sensitive. Card payments or refunds are processed online via secure link between you and a secure third party gateway (Stripe Payments). We do not take card payments directly over the phone or in person and therefore we do not collect, store or process sensitive card data. We are compliant with the Payment Card Industry Data Security Standard (PCI DSS).
Why we collect it
There are a number of legal bases for collecting and storing data that are defined by different headings under GDPR. The headings that apply to our relationship with you are Contract, Legal Obligation, Legitimate Interest and Consent.
Booking Contracts: We collect the information we need to answer any enquiry you make regarding our holiday accommodation, and to process any resulting booking from initial booking through to your departure and any subsequent communication or feedback. The basis for this is defined under GDPR as Contract.
Accounting and tax: We use information to enable us to produce figures to meet our legal obligations for accounting and tax. The basis for this is defined under GDPR as Legal Obligation.
Market research: We analyse information to enable us to assess trends in booking patterns and how we have obtained bookings (e.g. via a third party listing site, direct to our website, recommendations and others) and how many enquiries convert to bookings. This helps us to make best decisions on how we use our advertising budget. The basis for this is defined under GDPR as Legitimate Interest.
How we store it
Data is stored on a password protected drive. We may use data for research, accounting and tax, and marketing as described above.
How long we keep it
We are required to keep records of the information needed for accounting and tax purposes for six years. Any data not required for the purposes of accounting and tax is kept for twelve months.
How we protect it
You might enter information on our website, so our website and domain has an SSL security certificate to provide a secure connection between you and the website. When you visit our website you should see the padlock symbol alongside our domain name as confirmation. All data is on password protected computers. If you make a payment by card, your name and address information is required by our card processing gateway, Stripe Payments, for security verification and we pass that information to them as encrypted data. The card transaction process is then handled directly between you and the payment gateway. Other than for the payment gateway process described above we do not share your data with any third party for any reason other than if legally required to do so for purposed of lawful investigation.
Your rights to see the information we hold about you
If you have any concerns you an ask to see the information we hold about you and have it corrected or deleted. Please contact us by email to firstname.lastname@example.org. There is further information about your rights under GDPR on the Information Commissioner’s Office website, whom you should also contact if we are unable to resolve any complaint regarding your data or privacy www.ico.org.uk