This privacy notice sets out how we collect and process any personal information we collect about you when you use our website
Taylor Cottage takes its responsibilities for your personal data security very seriously and this policy is designed to comply with UK data protection legislation.
By providing us with data, you warrant to us that you are over 13 years of age.
Taylor Cottage is a data controller.
Our full contact details are Taylor Cottage St Andrews, KY16, UK Email: firstname.lastname@example.org
The new General Data Protection Regulation 2018 clearly states that the personal data we hold about you must be:
Used lawfully, fairly and in a transparent way.
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
Relevant to the purposes we have told you about and limited only to those purposes.
Accurate and kept up to date.
Kept only as long as necessary for the purposes we have told you about.
We are accountable for these principles and must be able to show that we are compliant.
INFORMATION WE COLLECT & HOW WE COLLECT IT
When we provide you with a service we will ask you for your contact details (name, billing address, email address & telephone number). We use this information to process your order, to provide post-sales support and for sales analysis purposes. The legal bases we use to process your data in this way are: contract (in order to fulfil our contract with you) and legitimate interest (in understanding and running our business). In this instance the information will be collected directly from you or from a representative acting on your behalf.
We capture information about how our visitors interact with our website and use this data with a 3rd party service, Google Analytics. This data is captured, aggregated and made available to us via the Google Analytics tools.
We use Google Analytics to help us better understand what content and products visitors want. We do not use analytics data to track or identify individuals.
WHAT DO WE USE YOUR INFORMATION FOR?
We will use/process your information for the following purposes only:
To provide a service that you have requested us to undertake on your behalf.
To carry out the contract we have entered into.
To send you specific marketing information on the grounds of legitimate interest. Please note that you can unsubscribe from our marketing list at any point by clicking ‘unsubscribe’ on the bottom of any email that we send.
HOW IS YOUR DATA STORED?
Your personal data is stored on a password protected database. The information is only accessed by 1 member of staff on computer systems that are password protected. Paper copies of your personal data may be kept for the purposes of accounting and we may have a legal obligation to provide it to a legal authority such as HMRC. .
WHO DO WE SHARE YOUR DATA WITH?
We partner with several companies worldwide and from time to time may have to disclose your personal information to complete a booking or service. Information shared with third parties will be limited only to that which is deemed necessary to complete the booking or service you have requested. All third parties will be required to afford your data the appropriate level of confidentiality and to use it in accordance with the law and our polices.
We have put in place appropriate security measures to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those agents, contractors and other third parties who have a business need to know such data. They will only process your personal on our instructions and they are subject to a duty of confidentiality.
Some of our partners are not based in the EEA. Countries outside the EEA do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Please email us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
HOW LONG DO WE KEEP YOUR DATA?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
By law we must keep basic information about our customers for 6 years after the cease to being customers for tax purposes.
These are your rights, provided by GDPR, in relation to your personal data:
Right to be informed – we need to tell you various things about us and our data processing activities.
Right to access – you have a right to ask if we hold personal data about you and, if so, you have a right to access that data and to know how it’s used.
Right to rectification – you have a right to have your personal data updated if it is not correct or completed if it is incomplete.
Right to erasure (the ‘right to be forgotten’) – you have a right to have your personal data removed from our systems.
Right to restrict processing – you have a right to restrict our processing of your personal data.
Right to data portability – you have a right to be provided with a copy of your personal data in machine-readable electronic format.
Right to object – you have a right to object to processing of your personal data in certain circumstances.
Right to object to automated processing – you have a right to object to decisions based on automated processing (including profiling).
Most of your rights contain exceptions and conditions that affect how and when they apply. You can find more information about individual rights at the ICO website. If you wish to exercise any of these rights or have questions about our use of your personal data, then please contact firstname.lastname@example.org
Finally, you also have the right to lodge a formal complaint to the relevant supervisory authority (the ICO) if you think we’ve breached your rights. We would be grateful if you contact us in the first instance, if you do have a complaint, so that we can try to resolve it for you.
LINKS TO OTHER WEBSITES
This privacy notice does not cover other websites that we link to from our site.
UPDATES TO THIS PRIVACY NOTICE
Any changes to our privacy notice will be published here and announced on our website. This policy was last reviewed and updated on 19th May 2020.