Katie Robins, the luxuryselfcateringrockcornwall.com website and your Privacy
Who am I?
This website is run by Katie Robins, owner of Tomhara, whose offices are located at: 39 Ennerdale Road, Kew, Richmond, Surrey, TW9 3PE, United Kingdom.
You may contact me via email at firstname.lastname@example.org or call on 07770 847368.
How do I collect information
To book a self catering holiday, I collect the following personal information: your name, address, e-mail address, contact telephone number and guest information.
- Administrative Matters
If you have booked a self catering holiday direct with me, or with an authorised holiday booking agent, I will use your personal information to process and fulfil your booking request. I will also use this information if there is a problem of some kind. I will send you an e-mail notifying you what is happening and asking what you would like me to do about it.
- Enquiries and correspondence
I collect your personal information when you give it to me, for example when you give it to me by submitting an enquiry by telephone, e-mail or through my online contact form [click here].
I also collect your personal information when you give it to me, for example when you enquiry by telephone, e-mail or through my online contact form [click here].
How do I use your personal information?
The legal basis on which I rely to use your information are:
- to allow me to perform my contracted obligations to you: When you book a holiday from me, a contract between you and me will have been entered into. In order for me to fulfil my obligations under such a contract, I will need to collect and process your personal information, including payment information. To process any booking(s) you have purchased from me via telephone, or via one of my authorised agents, and to contact you about them;
- to allow me to exercise my legitimate interests as a data controller: I rely on my legitimate interests as a data controller to process the personal information that you provide to me via forms, telephone enquiries, or through any contest or promotional feature that I may run, and to process personal information that I collect from you. It is in my legitimate interests as a business to process the above information an effective and secure manner in order to provide the best service, administer my website and process your booking;
- to look at and respond to any messages, complaints or other queries you might send me; and
- to notify you about any changes to website, services or products;
- to provide you with certain marketing information related to Tomhara and the locality where you have provided your explicit consent for us to do so.
User’s aged 16 and under
If you are aged 16 or under please get your parent/guardian’s permission before you provide any personal information to the luxuryselfcateringrockcornwall.com’s website. I do not permit or encourage users who are 16 or under to provide me with personal information without the appropriate consent.
In order to provide you with best experience the website uses “cookies”. Cookies are small text files placed on your computer to collect standard anonymous Internet log and visitor behaviour information which allows me to analyse how visitors are using my websites and help me improve the visitor experience.
You can change the settings on your browser to not accept cookies, however some features of our website may not work or may not be accessible to you if do.
For more general information about cookies, please visit: http://en.wikipedia.org/wiki/HTTP_cookie
Disclosure of personal information and your rights
I will only disclose your personal information to:
- my business partners, suppliers and sub-contractors i.e. my cleaners and gardeners so that they are aware when the house is inhabited, for the performance of any contract I enter into with them or you. Any information I hold about you will be treated in strictest confidence and held securely on my server, or our agents’ servers, in compliance with the Data Protection Act 1998. I will not divulge any of your details to any third-party without your permission, except when it is necessary for me to fulfil a booking or satisfy a request made by you;
- our third-party service providers in order to identify or resolve technical problems arising from the use of the website or to assist with the payment process; and any regulators, law enforcement or fraud prevention agencies, as well as my legal advisers, courts and any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity, enforcing my rights or other regulatory or legal matters.
All information you provide to us via telephone, and documented on paper, or through our authorised agents is stored on either secure servers or placed within locked storage located at my office. Personal data transmitted to my website is securely encrypted using SSL.
Unfortunately, the transmission of information via the internet is never completely secure. Although I will do my best to protect your personal data, I cannot guarantee the security of your data transmitted to my site; any transmission is at your own risk. Once I have received your information, I will use strict procedures and security features to try to prevent unauthorised access.
Links to other websites
My website contains links to other sites that are not under my control, even though they may use my name or logo on their website, through an agreement with me. Such other websites do not necessarily follow my privacy policies, and may place their own cookies on your computer.
This practice is standard on the Internet. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that I do not accept any responsibility or liability for these policies.
I make no undertaking or warranty about how or where your data may be stored by third parties with whom you may choose to engage via my website, and to whom you may supply personal data, or request that I supply personal data.
Storage and retention
Where I collect and store personal data it will be held on servers located within the European Economic Area (EEA). I do not transfer your personal data outside of the EEA.
I will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, I will delete it.
All data is held in line with the best security practices. Servers are in a secure data centre with appropriate physical security measures including access control, fire management and power backup. Data communications lines are diversely routed through different transit (bandwidth) providers. All unused services and accounts are disabled, account lockout policies are tight, strong passwords are used on all accounts. All servers are promptly patched with the latest security updates. All digital servers use up-to-date antivirus software which is updated multiple times each day.
The retention period may vary depending on the purposes for which the information was collected. Where a specific legal or regulatory requirement applies to your information I will retain it for the period of time specified in such legal or regulatory requirement.
In the absence of a specific legal or regulatory requirement I will retain your information for six years following the event to which it relates (e.g. the specific sale, the specific competition, etc). I may be required to extend the retention period if the information is required due a complaint or because it is required for litigation. Please also note that I am sometimes legally obliged to retain the information, for example, for tax and accounting purposes.
Your rights regarding your personal information
You have certain rights in relation to your personal information that is processed by me. I set out an overview of these rights below. These rights are not absolute and apply subject to certain conditions, as set out in applicable data protection laws. Your rights may include:
- the right to access personal data held by me about you;
- the right to require me to rectify any inaccurate personal data held by me about you;
- in certain circumstances, the right to require you to erase personal data held by me about you;
- in certain circumstances, the right to restrict my processing of personal data held by me about you;
- in certain circumstances, a right to receive personal data which you have provided to me in a structured, commonly used and machine readable format. You may also have the right to require me to transfer this personal data to another organisation, at your request;
- the right to object to my processing of personal data held by me about you (including for the purposes of sending marketing materials to you); and
- the right to withdraw your consent, where I am relying on it to use your personal data (for example, to provide you with marketing information about my services and products).
You can exercise these rights by e-mailing me at email@example.com.
Contacting the Information Commissioner’s Office (ICO)
Should you wish to make a complaint, you may also contact the Information Commissioner’s Office here.
This policy was last updated on 25th May, 2018.