Fairlight Jones – External Privacy Notice
The privacy and security of your information is important to us. This notice explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal information under current data protection law. We take our data protection responsibilities seriously and this notice reflects the obligations set out in the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”) and any laws in England giving effect to its provisions.
WHO ARE WE
Fairlight Jones Ltd is the Data Controller of the information we collect about you. You can contact us for general data protection queries by email to email@example.com Please advise us of as much detail as possible to comply with your request.
PRINCIPLES OF DATA PROTECTION
The GDPR requires that the personal data we hold about you must be:
Used lawfully, fairly and in a transparent way.
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
Relevant to the purposes we have told you about and limited only to those purposes.
Accurate and kept up to date.
Kept only as long as necessary for the purposes we have told you about.
HOW WE COLLECT INFORMATION ABOUT YOU
Information you have given to us during the course of your bookings and quotations with us.
Forms you have completed and given to us.
Information that you have given us over the telephone.
Emails that you have sent to us.
Information that you provide by filling in forms on our website.
Information that you provide when you discuss your preferences with our team prior to and post-departure.
Information that you provide when completing our guest satisfaction form.
Website Cookies and similar technologies
We track your use of our website through cookies and other similar technologies so that we can provide important features and functionality on our website, monitor its usage, and provide you with a more personalised experienced. However, we do not hold your IP address as part of this data (meaning that the data-set we hold in this regard is anonymised).
THE PERSONAL DATA WE COLLECT
Personal data is defined as any data, which relates to a living individual who can be identified from the information held. In order to carry out our business, we hold data personal data such as:
Your Name and Address
Name, title, gender and date of birth for all guests
Driving licence details if appropriate
Passport details for API
Information relevant to providing a tailored service for your party.
WHY THE DATA IS HELD
To assess and provide the products or services that you have requested.
To communicate with you.
To market our products or services.
For the purposes of our legitimate interests as a business, we may collect and use your personal data for direct marketing (with appropriate options to opt-out at any time).
RECIPIENTS OF PERSONAL DATA AND HOW WE ENSURE YOUR DATA IS SECURE
We choose our service providers carefully and require them to take appropriate security measures to protect your personal data. We will share your personal data with the following recipients:
All personal data we collect is stored remotely and securely with our computerised reservations system provider: Metafour UK Ltd.
Our website is intentionally non-transactional.
When you make a payment with us via credit/debit card by telephone the transaction is processed via a secure payment system and these details are never retained by us. These payments are processed by Axcess Payment Services Limited on a secure server using ‘https’ technology.
We also share your data with third parties who help us fulfil your holiday requirements, namely credit airlines, flight aggregators, car hire and transfer companies, boat operators and property owners or their appointed representatives.
TRANSFER OF DATA OVERSEAS
Personal data we collect from you in certain circumstances will be transferred, stored and/or processed outside the European Economic Area (“EEA”).
Specifically if you are travelling to Turkey, we need to send your personal data to our own staff and third parties outside of the UK and European Economic Area so that we can provide you with your holiday.
In some countries, the law requires passport details to be lodged with the local police. In some instances, we will share them directly with the police, in others we may be required to transmit them to the property owner or their appointed representative to pass on to the police.
RETENTION AND DELETION
We will hold your personal data only for so long as is necessary for us to do so.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where we no longer need to process your personal data for the purposes set out in this notice then we will delete your personal data from our systems.
You have the right:
To ask us not to process your personal data for marketing purposes. You can unsubscribe from our direct marketing at any time by clicking the “Unsubscribe” link in any of our emails or by contacting us at firstname.lastname@example.org
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request the correction of the personal data that we hold about you. This enables you to have incomplete or inaccurate data we hold about you corrected.
Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Ask us to stop processing personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party.
Lodge a complaint regarding the processing of your data with the Information Commissioner’s Office.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact email@example.com and kindly allow thirty days for your request to be actioned.