GDPR Privacy & Cookie Notice
we/us = Aultbea Lodges
you/your = Guest that made the booking
GDPR Privacy Notice
We confirm that we will comply with the provisions of the GDPR and the Data Protection Act 2018 when processing personal data about you and that we have appropriate security measures in place.
We will process your personal data in order to provide you with the services you have requested.
We will also process your personal data for management and analysis purposes.
We obtain this personal data during your booking process:
Or it is provided to us by an external booking agent which you have used, in line with their policies (such as, but not limited to Homeaway, Booking.com, Trip Advisor) and then stored within our freetobook booking system.
Your Personal Data
We use freetobook as our booking software, to collect and store information that you give when you make a booking. You are asked for your name, address, telephone number, and email along with payment information, the age of any children under 16, and “the names of any guests travelling with you”. This may also include your IP address.
This information is stored in the freetobook System in order to process your booking and we will contact you in relation to your booking via email and if necessary by telephone.
Your data is also stored after you have stayed, but will be kept no longer than necessary in order to comply with legal obligations and for us to welcome your repeat business.
You may be asked to send feedback after your stay, via our booking suite freetobook. Your email address will be used for this purpose. If you complete a review it may be posted on our property website, facebook page, google plus or other social media. However, no identifying details will ever be attached to a review posting.
Data processed directly by third parties
We do not share or pass on any of your personal data unless it is directly required to run our business
We will disclose clients’ data to selected, GDPR-compliant, third parties, who are only permitted to use your data for specified purposes and in accordance with our instructions. Those third parties have appropriate security measures in place regarding your personal data which are in line with our policies and the GDPR legislation. (eg Accountancy)
Where you have booked with an external party (such as, but not limited to: Homeaway, Booking.com, Trip Advisor – they forward your personal information to us, as per their policies, and we become the 3rd Party, storing it within our freetobook booking system).
If you provide payment information, this will be processed directly by secure PCI Level 1 compliant payment gateway providers.
In order to facilitate online booking and by using their software, we operate together with freetobook as joint data controllers for the processing of your personal data.
In accordance with General Data Protection Regulation (GDPR), Aultbea Lodges observes reasonable procedures to prevent unauthorised access and misuse of personal information.
We use appropriate business systems and procedures to protect and safeguard any personal information given to us.
We also use security procedures and technical and physical restrictions for accessing and using the personal information on our servers.
Only authorised personnel are permitted to access personal information in the course of their work.
Control of your Personal Data
Access: You have the right to request an overview of your personal data that is stored by us
Rectify: You can also contact us if you believe that the personal information we have for you is incorrect
Right to Erasure: Also known as the Right to Withdraw Consent, Opt-Out or Right to be Forgotten.
If at any time you wish to withdraw your consent, it should be done so in writing, by email or letter.
(subject to legal and regulatory compliance and crime prevention)
When consent is withdrawn, your data will be removed from all of our own systems.
Please note that any discount which is offered to returning guests, will no longer be offered if your data has been withdrawn
Where you have made your booking via a third party (such as, but not limited to: Homeaway, Booking.com, Trip Advisor – your request must go to them if you wish for them to also delete your personal data.
For any of the above, or if you have any other questions about how your personal information is used or about any other information within the Privacy Statement, please contact us using any of the contact details supplied above.
Data Protector Officer (DPO)
We do not:
Employee over 250 people
carry out online profiling,
carry out business overseas
deal with sensitive info or any special data processing
Therefore we are not required to nominate a DPO but if you have any queries or concerns about your data, please get in touch with Emma using any of the contact information given above
To Process your information as described above, we rely on the following legal bases:
Performance of a contract. The storage of your information may be necessary to perform the contract that you have with us (your booking).
Legitimate Interests. We may use your information for our legitimate interests, such as for administrative, fraud detection and legal purposes.
A cookie is a small amount of data that is placed in the browser of your computer or on your mobile device. These cookies are used only to help you make a smooth booking and contain information like the date searched and language of booking. There is a difference between session cookies and persistent cookies. Session cookies will only exist until you close your browser. Persistent cookies have a longer lifespan and are not automatically deleted once you close your browser. We use persistent cookies in Google Analytics to analyse visitor traffic and behaviour.