Yorkshire Velvet appreciate the trust you place in us to take care of your personal information. We are fully committed to protecting and respecting your privacy, as well as taking all appropriate measures to secure your data.
We are registered with the Data Protection Registrar, registration number ZA561584
We have set out our Privacy & Data Control Policy below. This policy is in line with GDPR requirements as well as other relevant legislation and current best practice. Please take some time to read and digest it. If you have any questions or would like any further clarification, please don’t hesitate to contact us on email@example.com
Please note, the most up to-date policy will always be available on our website here: https://yorkshirevelvet.co.uk/privacy-policy/
Who are we?
Yorkshire Velvet Limited are a small family run company based in Yorkshire. Our company registration number is 12160025.
We are the Data Controller – this means that we are responsible for looking after data you provide to us. Any reference to “we”, “our”, “us”, etc., is referring to Yorkshire Velvet.
You can contact us by emailing firstname.lastname@example.org Alternatively you can write to us at Yorkshire Velvet, 9 Marton Moor Road, Nunthorpe, TS7 0BL.
About this Policy
This policy covers individuals who contact us which includes customers and potential customers. A customer is anyone who submits their personal information to us for the purposes of learning more about our company, cottages or services OR someone who books, has booked or enquires to book with us.
As our customers and business contacts must be over the age of 18, we do not collect personal information from children.
Please note where data is collected via a website, this policy covers only our website(s) and not any third-party sites you may have used to find us.
Our site may, from time to time, contain links to and from the websites of our partners, advertisers and affiliates. Via our blog, social media and other marketing channels we may also recommend other relevant businesses / attractions and include a link to visit their website. If you follow a link to any of these websites you should refer to those individual companies to confirm their own privacy policies before deciding to submit any personal data to them. Please note that we do not accept any responsibility or liability for the use of third party websites or their privacy / data policies.
Information we may collect
- Identification – title, forename, surname
- Contact details – address, phone number (landline or mobile), email address
- Booking info – name of property, holiday dates, cost and amount paid, limited details of party make-up (e.g. number of adults / children / dogs), any special requests you’ve made for a booking
- Payment – dates of payment, type of card used, last 4 digits of card, card expiry date (please note we do not store or retain any full card details provided)
- Reviews – comments and scores you’ve given for a booking / property
- Communication – emails sent to us and from us to you, competition entries, clicks and opens of our marketing emails
How we collect information
Data is collected by us in a number of different ways via a variety of channels. It is normally provided by customers to us in order to find out more about us, make an enquiry or to book a property.
We obtain information in the following ways:
- Information you give us
- Via contact / booking forms on our website
- By telephone
- By email, fax or letter
- Via our Social media pages
- Via invitations to review properties
- Interaction data from our marketing newsletters
- Information we collect from other sources
- We may market our properties via a number of other platforms, websites and affiliates. We may be sent information from them that you have provided. In such cases the companies collecting the data should also inform you of their privacy and data policies.
IP addresses and cookies
If you use our website, we may collect information about your computer, including where available your IP address, operating system and browser type. This is statistical data about our customers browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.
- Google: https://policies.google.com/technologies/cookies
- Microsoft Bing: https://privacy.microsoft.com/en-gb/privacystatement
- Facebook – https://www.facebook.com/policies/cookies/
How we use / process the data we collect
We use the information we collect to help us run our business successfully and efficiently. With customer data we will use it to:
- Respond to your enquiry
- Complete and manage your booking including processing payments
- To confirm or advise of changes or problems with your booking
- Communicate with you leading up to your holiday ensuring you have all the info you need
- Continue to improve our website and marketing processes
- Detect and prevent fraud and abuse of our services
- To personalise our product marketing to you
- Keep you up to-date with our news, special offers and other interesting information
- To notify you if you have won a competition
- To help us respond to any queries you have about information supplied
Other ways we use data:
- To analyse financial performance
- To highlight key demographics for marketing purposes
- To access how we are performing in terms of customer service
- For statistical analysis
You have the choice to opt out of marketing communication from us at any time, by requesting this in writing or unsubscribing directly from any marketing emails. See below for more information around your rights.
Where we store your personal data & how we secure it
Any data we collect is stored and processed using carefully selected secure software providers. We take the security of your data very seriously and have taken all appropriate steps to safe guard it including:
- Using only established industry leading software providers
- Obtaining information & guarantees from software suppliers around their own data security policies and guarantees
- Utilising Firewall / antivirus protection in house and keeping it up to-date
- Testing our security systems to ensure they are robust
- Training staff on how to keep personal data secure
- Password protecting software, PCs, laptops etc. used to store data
- Encrypting data where possible
Some of the software systems we use may have data centres outside of the European Union, for example Mailchimp in the U.S. Mailchimp is one of the largest and most trusted marketing email software providers in the world.
We will only transfer information to software service providers to help manage our business processes where:
- We are satisfied that this is lawful
- We know that adequate levels of protection are in place to protect the integrity and security of any information being processed
- Any such suppliers are fully compliant with applicable privacy laws
In the example of Mailchimp, the transfer of data is covered under the Privacy Shield framework, a mechanism for U.S. companies to comply with data protection requirements of the EU. You can find out more about how this protects your data here: Privacy Shield
How we share your personal data
We share your data where appropriate with a very limited number of third parties and only ever to assist us with running our business professionally and efficiently. These parties would act at the Data Processors in this instance. The ways we share your data is set out below:
- Contact & booking information may be provided to property managers or cleaners so they can manage your holiday effectively
- Data is entered into or shared with the carefully selected software providers as detailed above for the purposes of customer / booking management and marketing
- Selected specialist suppliers to assist in posting brochures / leaflets etc. Data is deleted by these suppliers once it has been processed
- If you are using our concierge service it may be essential to pass on information to other third-party suppliers.
- We may share your email address with Google and/or Facebook to assist us with our marketing and promotion. They may use socio-demographic information about you to identify other people like you, with similar interests to present our marketing to. This socio-demographic information is not used for any other purpose nor shared with any other party. No information about other individuals identified from these networks is shared with us at any time.
- We also share your data with PCI Compliant Debit / Credit card companies to process payments
- If asked to, we may have to disclose your personal data without your permission in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend our legal right
Our legal rights to process your data
Our right to obtain, store, process and share your data is based on the following grounds:
- Performance of a Contract
When you make a booking with us a contract is formed between you and us. Contact and booking information is required to form that contract and to manage holiday bookings successfully. Without this data we are unable to perform our role as a holiday provider. Historical booking information and data provided in relation to a booking may also be retained.
- Legal Obligations
We are required by law to retain certain types of data, including financial records, so that we can respond to a request to audit our business. If we are required to disclose any information to an official third party or authority we will only do so where we are legally obliged to.
- Legitimate interest
Personal data is used by us to provide the very best service we can to our customers and other contacts. For example, we may use your name and contact details to notify you of a new cottage or Yorkshire event as you’ve expressed an interest in our cottages / staying in Yorkshire in the past. Your right to privacy will always outweigh these legitimate interests and you have the option at all times to unsubscribe or ask us to remove your details. Our right to share your data with the carefully selected third parties to run our business (as detailed above) is also covered under this right.
We rely on your consent for passing your data onto any other third party which isn’t covered in our normal business practices.
Your rights in relation to your personal data
The data we collect, store and process is normally provided to us by you directly. We take the responsibility of that very seriously and promise to take all appropriate steps to ensure it is used responsibly and securely.
At any time you have the right to ask us to amend or edit your data, or withdraw your consent for your data to be stored and processed. All of our email marketing newsletters include a link to unsubscribe with immediate effect. You can also email us on email@example.com to request this.
You have the right to request that we correct or remove your data, when there remains no legal basis for keeping it.
Please note, if you have made a booking with us we’ll need to hold on to certain elements of your data should this be required in the future. This is based on our ‘Contract’ right to hold data rather than ‘Consent’.
To summarise, you have the right to ask us at any time:
- To confirm whether we hold any of your personal data
- To send you a copy of any personal data we hold (SAR request detailed below)
- To correct any inaccuracies with the data we hold
- To delete any of your personal data (where the legal basis is Consent or Legitimate Interests)
- To stop processing your personal data (where the legal basis is Consent or Legitimate Interests)
Subject Access Requests
You have the right to receive a confirmation of any personal data we hold about you. This is referred to as a SAR or Subject Access request.
Once a request has been made we have 1 calendar month to respond.Please note that when these rights are exercised, we will conduct identification checks in order to ensure your privacy is safeguarded.
If you have any questions or concerns about the use of your data please contact us immediately so that we can rectify this. If you are unhappy about how we’ve used your data you also have the right to contact the Information Commissioners Office to complain.