This document describes how we collect, store and process personal data.
General Data Protection Regulation (GDPR) is effective in Europe (including UK) from 25 May 201We fully support this legislation and you can rest assured that we will only use your data as outlined in this Privacy Policy. This document is displayed on our website and is distributed to guests and property providers at booking or contract stage respectively.
What personal data do we obtain / store for:
Guests? (i.e. persons who book holiday accommodation with us)
When guests enquire or make a booking with us via our website they will be able to see a prominently located link to the privacy policy on our site. To view the policy guests can click on this link. Guests will also be sent a copy of said policy with their initial booking confirmation.
The only personal data stored about guests is the data in any individual enquiry or booking. This will be stored electronically. No paper backup records will be kept.
- For bookings taken via our website data will be obtained from on-line bookings (via Freetobook booking manager), by phone or email.
- When guests book via an agency (eg. Trip Advisor, Home Away, Airbnb, Cottages.com, Booking.com etc) the agency’s Privacy Policy will be relevant with relation to the data held by them. when data is released to us by said agency at booking stage a copy of our Privacy Policy will be provided to guest with booking confirmation.
- Such data will be stored in Outlook and if a guest requires details of data held this can be sent in the form of a business card.
- If a Guest requests the data held on them in freetobook booking manager we will send them a summary of the booking. This contains ALL the data held in freetobook.
- Credit card details can be obtained for payment purposes but are never retained / stored. See further details below regarding PCI compliance.
Property Providers? (i.e. cabin owners to whom we provide rental services)
- Such data will be stored in Outlook and if an owner requires details of data held this can be sent in the form of a business card.
- Generally, this is limited to email address, home address, bank details (for payment) and telephone number.
- This is obtained at the outset of rental service agreement.
How do we use data for:
Guests? Data is used to:
- Provide booking confirmations and appropriate booking related information.
- Liaise between initial booking and guest arrival.
- Chase payment and confirm receipts.
- Refund damage deposit post stay.
- Request and manage reviews.
- Deal with post stay issues (eg. Complaints, repeat bookings , lost property, damage claims).
- Credit / debit card details are used for payment but are never retained / stored. See further details below regarding PCI compliance.
Data will not be used for:
- Direct marketing, unless guest has given positive consent for such.
- Distribution to any third party, unless specifically agreed with guest.
Property providers? Data is used to:
Liaise regarding advertising, web listings, rental policies / rates, rental enquiries, reviews, damages, property maintenance and guest issues / complaints.
- Provide details of bookings received.
- Notify providers of rental payments.
- Make rental payments to bank account.
- Data will not be used for:
- Direct marketing.
- Distribution to any third party, unless specifically agreed with owner.
How do we store data:
- All records are held on D Winter’s (Director) computer, which is backed up to Onedrive. H Winter also has access to Onedrive via a second computer.
- Email addresses are stored in Outlook (D Winter Computer only) and on freetobook booking manager.
- Telephone numbers and home addresses are stored on electronic copies (word document) of booking confirmations and in freetobook booking manager.
- Contact data is stored for up to 18 months after guests’ stay with us. This enables us to deal with any post stay issues and have contact details available for repeat bookings.
- Any accounts related documents / data is stored for the time period stipulated by HMRC.
- No paper backups are stored for the above, accept appropriate accounts documents, as required by HMRC.
- No credit / debit card details are stored.
Credit / debit card processing and PCI (Payment Card Industry) compliance:
Card payments are currently taken from guests by 4 methods via our payment provider (currently PayPal):
- Automated deposits via freetobook booking manager.
- By payment provider invoicing.
- By direct transfer from guests to our payment provider.
- By payment provider Virtual terminal.
- For methods 1 – 3 card details are not disclosed to us and cannot therefore be retained.
- For method 4 guests provide card details to us for processing through a Virtual Terminal. Card details are not retained or stored by us once the transaction is processed.
Refunds are also made to guests via our payment provider. Guest’s card details are not disclosed to us as part of this process.
We are fully PCI compliant with our payment provider.
Data access, protection and security:
- David Winter & Hannah Winter are authorised to access data within the organisation. The organisation has no other employees.
- Data is stored on 2 computers and is backed up to Onedrive. Computer and Onedrive Login details (inc Passwords) are issued to the above named persons and are not disclosed to anybody else. No paper records of login details exist.
- Computers are kept secure by users at all times and when not in use are stored at home address, which has adequate physical security.
- Internet access is protected by appropriate virus protection / firewall to protect electronically stored data and internet router is physical protected and secure.
- Login details for Outlook, freetobook booking manager and booking agency websites are provided to the personnel described in item a. only.
If you are a guest or property provider with us and have any questions / suggestions regarding this document please contact David Winter at info@highland-hideaway.co.uk or on 07827 513 671.