About this policy
The Data Controller (the organisations responsible for looking after your data) is the partnership Brooklinn Mill Holidays. When we say “we”, “our”, “us”, etc., that’s who we’re talking about.
We are grateful for the trust you place in us to arrange holidays, and to use personal information responsibly. We are committed to protecting your information and we believe you have a right to know how we will use it. This policy sets out the data protection principles we follow.
This policy covers our dealings with customers– people who have booked or are looking for a holiday. Please note that our customers must be over the age of 25 and we do not therefore collect personal information from children.
We will update our Privacy and Cookies Policy as data protection law or business practice changes. You can always find the latest version of this policy on our website, www.brooklinnmill.co.uk This version of the policy is effective from 25 May 2018.
Data Protection Officer
Our Data Protection Officer is Louise Copeland, who may be contacted using our contact form or via post, to Brooklinn Mill Holidays, Brooklinn Mill, Blairgowrie, PH10 6TB, UK.
We generally use your data either on the basis of your consent, or based on a contract between us (e.g. when you book a holiday). You have the right to withdraw your consent. All our marketing communications include an unsubscribe link, to make it easy to withdraw consent.
If you withdraw your consent (e.g. by opting out of marketing communications), we will stop processing your data as requested. Bear in mind if you have a holiday booked and you have not yet travelled, we’ll still need to hold onto your data so we can process the holiday. That’s because the contract between us is the basis for using your data (rather than consent). For more information, see the “Legal basis of processing” section below.
If you are concerned about the processing of your data, please contact our Data Protection Officer (see above). If you are unhappy with our use of your data, you also have the right to make a complaint to the Information Commissioner’s Office, which supervises data protection in the UK.
You have the right to receive a copy of your personal data. You also have the right to request that we correct or remove your data, when there remains no legal basis for keeping it. Please note that when these rights are exercised, we will conduct identification checks in order to ensure your privacy is safeguarded. You will need to contact us using our contact form or post, to exercise these rights.
Personal information we collect
In order to provide you with the best possible holiday service, we collect the following information:
- Identification: name and title.
- Contact details: postal addresses (main and billing), phone numbers, email addresses.
- Bookings: property booked, holiday start/end dates, cost of holiday, amounts paid, any additional special requirements for example whether you require us to provide a cot or whether you are bringing your dog.
- Marketing preferences: whether you wish to receive marketing information from us.
- Payment: method, amounts collected, third party payment service provider references. Please note that we do not capture or store your full card details: payment is handled by our payment service providers (see below).
- Browsing: historical searches, how you use our website, website experience user survey responses, the devices and IP addresses you use to access our services (operating system, browser, …). We collect this information so that we can continuously improve our website and our service to you, and to maintain security of our website.
- Holiday experience: any feedback you leave, responses to customer satisfaction surveys, whether you have a pet, interests (e.g. preferred holiday type, such as walking holidays).
- Communication: emails, letters, responses to questionnaires, your interaction with our marketing (clicking links in our marketing emails, for example – we track this to help ensure our communications are relevant and interesting).
Through our partnerships, we may receive some of the above information from other companies you use (e.g.Paypal). In such cases, those companies must also inform you about their use of your data.
How we use your personal information
We use your personal information to:
• Manage your holiday booking
• Understand how to improve our accommodation and services
• Detect and prevent fraud or abuse of our services
• Communicate with you, including for example, responding to your emails, messages on social media, web chat requests, handling customer service matters and so on
• Process your payments
• With your permission, send you relevant marketing information such as details of competitions, special offers and items of news related to Brooklinn Mill Holidays and the local area which we think will be of interest to you
• Manage competitions, promotions and special offers in which you participate
• Make sure our servers and websites are operating correctly
How we collect personal information
We receive personal information from:
• You, as you provide it to us (e.g. when booking a holiday, leaving a review or enquiring about renting our holiday properties )
• Your use of our website
• Third party holiday providers you may book with, who advertise our properties (e.g. HomeAway, Tripadvisor, Airbnb)
• Your interaction with our marketing activities (provided you have not unsubscribed)
• Third party review services such as TripAdvisor
Legal basis of processing
There are several grounds on which we will store and use your data:
- Consent: for certain types of processing (e.g. marketing activities), we rely on your consent to use your data. You may withdraw your consent at any time (see “Your rights”, above).
- Contract: much of the time, our use of your data will be because of the contract between us – that is, in relation to your holiday booking. We will usually retain relevant data for up to seven years from the date the contract completes – e.g. the last day of your holiday.
- Legal obligations: we are under certain binding legal obligations, such as accounting to the government for tax and making financial records available for audit. In such cases, we are typically obliged to retain data for up to seven years from the date of the transaction.
- Legitimate interests: we use data to manage our operations and to make business process improvements. Rest assured, our legitimate interests will never override your right to privacy
How we share your personal information
We may provide details of your data and transactions to our technical partners in order for them to assist us in resolve technical issues relating to our website or booking platform should the need arise. These companies are under strict obligations to protect your privacy. Our technical partners are:
We may give some of your contact information to our appointed representatives (for example cleaners or trades people) in the event that we are not here, so they can get in touch about key collection or emergency repairs. We also give you their contact details, for the same reason.should the need arise.
If you permit us to send you marketing information, we may share your data with companies that provide specialist marketing platforms. These companies are under strict obligations to protect your privacy and comply with your marketing preferences. Our marketing partner companies are:
Mailchimp: www.mailchimp.com The Rocket Science Group, LLC675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
• 1. We store your data in certain cloud services provided by third parties. Those third parties do not however have access to your data.
• 2. We do not transfer your data outside the UK or the European Union.
Security of your data
We protect your data with various technological measures. We also regularly test and evaluate the security of our systems, updating safeguards as appropriate. Our staff are trained in the importance of security and privacy and we treat breaches of confidentiality and privacy as disciplinary matters.
Payment service providers
In order to ensure your transactions are as secure as possible, we hand over payment card processing to the following suppliers:
• PayPal (Europe) S.à r.l. et Cie, S.C.A. Attention: Legal Department, 22-24 Boulevard Royal L-2449, Luxembourg
Links to other websites
Our website contains links to other websites which we feel may be of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.