Cornish Cottages LTD Privacy Policy
Cornish Cottages Ltd (“We”) are committed to protecting and respecting your privacy.
This policy ( together with our terms of use and any other documents referred to on it ) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act (the Act) and GDPR, the data controller is Cornish Cottages Ltd of Mullion Meadows, Mullion, Helston, Cornwall, TR12 7HB, United Kingdom.
Information you provide to us
When using the the forms on our site, whilst emailing us or over the phone you will typically provide us with the following information:
- Name & billing address
- Email address
- Email marketing preferences ( opt in )
- Party members for the holiday
- Optional holiday preferences, such as extras
- Card summary information, eg last 4 digits, type and expiry, SagePay provide these to us when you enter your card details via their site when paying by card.
Information we may passively collect
We may collect your IP address and browser user agent string ( eg “Chrome” ) when you submit forms on the site, this is used for anti-fraud purposes and to identify and block abusive users of the site ( anti-abuse, eg form spam ).
Information we may pass on to third parties
When you pay by card online, we need to supply your billing address to the card processing company ( we use a service called SagePay ), as your bank requires it for anti-fraud checks during processing as part of their address verification system ( to prove that we know your correct address ). SagePay store the details of the transaction which includes your name and address and summary card details ( brand, last 4 digits, expiry date ) as well as optionally a “continuous authority token” if you have opted to remember your card. If you subscribe to our mailing list/s we will need to pass on your name and email to our mailing list service provider ( we use a service called MailChimp ). They use those details to deliver our email as well as track delivery failures so we can prune no longer functional addresses from our list.
If the need arises, we may pass your details ( address, telephone and email ) on to an owner, caretaker or housekeeper, eg. for returning property left behind after a stay, for legal proceedings, customer support or any other justifiable case.
Information third parties may collect
We use a traffic analysis service called Google Analytics, they report aggregate stats about site usage to us, so we do not have the ability to inspect the activity of single “session”, only for instance the number of views a page has had throughout the day with numbers by hour, they may also collect your ip address and browser information to populate network and browser level stats. We also use a service called Tawk.to, which provides online support ( chat ), their “widget” is loaded on most public pages of the site, they may passively collect your ip address and browser information for their own anti-abuse programme as well as showing the support agent where the user may be from ( to country level resolution ).
Information you provide to third parties
When paying by card online or over the phone, those details are entered directly on our payment processors site, so they have access to that data for the purposes of processing your payment. Our card processor is SagePay.
Where and how your information is stored
The information you provide to us is stored primarily in the United Kingdom and as such within the European Economic Area (EEA). If you have subscribed to our newsletter your name and email address may be stored in the USA ( at present, but potentially elsewhere ) via our mailing service provider MailChimp. If you pay online via card, data held by our chosen card processor SagePay may be transferred to or stored outside of the EEA by them or their upstream providers as well as your bank.
Our site as well as that of all of our chosen service providers use SSL/TLS enforced/encrypted connections to protect your information during transit over the Internet.
On our servers your personal details are partially encrypted ( the high resolution components of your address, telephone numbers and email address ) using currently deemed secure methods ( primarily AES 256 with both site and account level keying ).
Your password, if provided is not stored in a recoverable format, a representation of it is stored hashed using a high workload key derivation function, which includes site and per-account level salting, the method we use is currently ( at the time of writing, early 2018 ) deemed secure for password storage by current industry standards.
What do we use your information for?
We use your information for processing your bookings and sending you booking related as well as requested material, such as emails, letters and possibly brochures. If you have opted in to our special offers or news mailing, your name and email will be used to send you occasional special offers or property news via email. Any information we may collect passively as indicated in the section/s above are used to maintain a smooth operation of the site and to track errors as well as performance.
Cookies
We use cookies ( temporary “variables” ) required for essential function of the site as well as for customer support and performance monitoring of the site. This includes session cookies, and cookies placed by either Google or Tawk.to for the function of those services.
Cookie in use: SID_CC15, ANYA_CC15, propShortList, propPrefs, and 2-3 tawk prefixed variables.
You may disable cookies by following the instructions for your chosen web browser, however the site will cease to fully function for you.
Your access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. All of the information that you have provided to us is also visible to you within your online account if you created one during registration ( if not you may ask us to set up an account login free of charge ).
Right to be forgotten
If you wish to have us remove any information that we may have related to you, you may request that we remove that information from our systems where possible. Please note that if you have made financial transactions with us we are required to keep detailed records of those and will not be able to remove information related to those. We can remove your email address, telephone numbers along with anything that may be used for email or online marketing purposes upon request.
Changes to our privacy policy
We may change our privacy policy from time to time. We will always update the privacy policy on our website, so please try to read it when you visit the website.
Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to enquirires@cornishcottages.co.uk
Updated 25/05/2018 ( R6 )