Data Protection and Privacy Policy
Policy last updated – 31 January 2022
Introduction:
This data protection and privacy policy outlines our commitment to you concerning your personal data.
What is personal data?
Personal data covers any information that enables us to identify you as an individual. This information could include, name, address, telephone number, email address, credit card details or bank details (submitted when making a booking).
How do we use your personal data?
All information that we hold concerning you as an individual will be held and processed by us and our booking and email software (Wix.com) in accordance with the provisions of data protection legislation.
We will use your data to administer our relationship with you and to provide you with information about our activities.
We will respect your preferences to be included or not included in e-mail mailings. Please use the options within the emails to unsubscribe or contact us by email, telephone or by post using the contact details below.
Data Retention
We will only keep your details for as long as necessary and will remove your details from our database as soon as possible:
Individuals who receive our e-news – once you unsubscribe we will remove your data
Guests who have booked with us – we will delete your booking information 6 years after your last stay.
Will we share your personal data?
We will not sell, share or transfer your details with anyone else for marketing purposes.
If you book with us your data will be transferred stored by us for the purposes of facilitating your booking and payment.
Use of cookies
At present we’re only using cookies to collect Google Analytics – these collect anonymous data so we can see how successful our site is and what people are interested in looking at.
General Data Protection Regulations
From May 2018 all organisations which use personal data of service users, customers, staff or any other individuals need to be compliant with a new set of data protection regulations, these regulations are referred to as GDPR.
GDPR overlaps with, and sit in relationship to the Privacy and Electronic Communications Regulations (PECR) which governs the use of electronic communications such as email and SMS messages.
We will comply with GDPR and PECR.
Six Lawful Basis for Processing Data
There are six lawful bases for processing the data of an individual. In this instance ‘processing’ qualifies as both using their data to send information and using their data to achieve operational objectives. The six lawful basis are;
-
Where we have the consent of the data subject
-
Where processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
-
Where processing is necessary for compliance with a legal obligation
-
Where processing is necessary to protect the vital interests of a data subject or another person
-
Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
-
Where necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject
If an individual is new to us we will be explicit how we will use their data, which includes what we will send them, at the point of sign-up.
For bookings we will communicate with you by email before and immediately after your booking to facilitate the booking process and your stay. After your stay we will not contact you again unless you have subscribed to our mailing list as part of your booking process or have asked to subscribe to our mailing list by completing a form.
Opting Out: Above both consent and legitimate interest is the individual’s right, at any time, to make any changes to the ways in which we contact them; through the mail, telephone, email, or messaging service. Any individual can request changes to what we send them and by which medium. This includes opting out of all communications.
Legitimate Interest:
Guests booking with us – As a guest booked to stay with us it is a legitimate interest for them to receive details of their booking for payment and facilitating their stay, including reminders, arrival information and thanks. We believe Guests expect us to use their data to contact them in these ways for the period running up to, and immediately after, their booking. Unless guests have subscribed to our mailing list they will not hear from us again and their data will be deleted as set out under ‘Data Retention’ above.
Making changes to contact preferences
In all cases our office staff are able to change people’s contact preferences. To make changes to your contact preferences please contact us using the details below.
Contacting us regarding your personal data
As an individual, you have a right under data protection legislation to obtain information from us, including a description of the data that we hold on you. Should you have any queries concerning this, please contact us using the contact details below.
Post: Bagwyllydiart Farm, Orcop, Herefordshire. HR2 8EX
Email: email sanctumretreats@gmail.com
Telephone: 01981 241190