Data Protection and Privacy Policy
At Crieff Hydro Family of Hotels, to which Highland Safaris and Loch Tay Safaris belong, we take great care of all personal data we hold and have high standards of security and comply with regulations regarding the protection of your data.
This privacy statement explains how and why we collect and process your personal data. This relates to personal data you share directly with us – as our guests, our members, our suppliers and our booking partners. It also relates to personal data you share with third party introducers, booking sites and group travel partners who share your data to provide you with the services that you have requested. Where a third party has shared your data with us, we expect that they have informed you about the processing and sharing of your data.
Where you are applying for employment with the Crieff Hydro Family of Hotels, please refer to ourRecruitment Privacy Notice.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we collect and process personal data about you. Personal data is defined as any information relating to an identified or identifiable natural living person – a ‘data subject’. This privacy notice also provides information about your rights as a ‘data subject’.
Crieff Hydro Family of Hotels will always be transparent with you and make sure this privacy notice is available to you on our website or in paper format where required, prior to collecting and processing your personal data.
WHO ARE WE?
When we say ‘we’ or ‘us’ or ‘our’, we are generally referring to Crieff Hydro Ltd, our subsidiaries and the separate legal entities that make up the Crieff Hydro Family of Hotels.
Crieff Hydro Ltd is a company registered in Scotland. Company No. 000268. Our Registered Office is Crieff Hydro, Strathearn House, Ferntower Road, Crieff, Perthshire, PH7 3LQ.
HOW DO WE COLLECT YOUR PERSONAL DATA?
We currently collect your personal data through a number of sources, such as:
• When you contact us by phone, email, live chat and social media platforms such as Facebook and Instagram.
• When you complete forms, surveys and enter competitions on our website or on social media platforms.
• When you subscribe to receive our newsletter and receive information about our special offers and services.
• When you book and register as a guest in our hotels or self-catering accommodation.
• When third party partners, booking sites or travel groups share your data with us in order to book accommodation and facilities on your behalf.
• When you visit, receive consultations or use any of our spa or country clubs.
• Where you register and take part in any outdoor activities we provide.
• When you apply for membership available through our country clubs or activity clubs.
• When you book your children into and provide consent for the use of our childcare facilities.
• When your children participate in entertainment or activities available to them.
• When you visit our bars, restaurants and clubhouses.
• When you arrange a wedding, event or conference in any of our hotels or premises.
• Where you lease properties from us.
• When you make any complaints regarding our facilities or the service you have received.
• Where you have been involved in any accidents or incidents in our premises or facilities.
• When we call or visit you to progress any agreements or contracts to supply us with goods or services.
• When we arrange a contract with you or when we agree to purchase products or services from each other.
• In the administration of our relationship with you.
• Through the fulfilment of our contractual obligations.
• Through CCTV Visual Imaging in areas within our properties, car parks, outdoor areas and leisure facilities.
• When you use our WiFi services.
The means of collecting data evolves along with our business and to ensure you are kept informed of our usage, this policy will be reviewed annually unless there is a change in legislation requiring us to review the policy sooner. We are committed to ensuring that the data we collect and process is accurate, is up to date, is appropriate, is not excessive, is not retained for longer than required and does not constitute an unwarranted invasion of your privacy.
We may process your personal data for the performance of any booking, contract or agreement we have in place with you.
We may also process your personal for the legitimate interests we have to provided that those interests do not override any of your own rights and freedoms which we will consider carefully. This includes processing for marketing, provision of future services, business development, statistical and management purposes.
WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?
The data we hold and process for you will depend on our relationship with you, the enquiries you have made with us, the bookings and services you have requested from us, along with the products or services we may request from you.
Typically, we may hold:
• Names, addresses and your birthdate if you have given us this – personal or business.
• Email address and telephone contact numbers – personal or business.
• Your company name and nature of your business where applicable.
• Details of the events, services, products or facilities you may have enquired about.
• Details of any future and previous booking(s) you may have made with us.
• Details of the events, services, products or facilities you may have taken part in or used when you visited us.
• Details of any special requirements you have informed us of.
• Details of the services and products you currently provide or have previously provided to us.
• Details of any relevant health and ability information when applying for membership or registering to use our spa, leisure or activity facilities.
• Consent information for children – including names, ages, dates of birth, school or nursery details, emergency contact numbers, arrival and departure dates, medical conditions or allergies, physical or social learning difficulties, behavioural challenges, potential signs or symptoms and actions or solutions along with any medication taken.
• Records of correspondence and communications with you.
• Records and detail regarding any complaints or enquiries you make to us.
• Your requests and preferences regarding marketing information and how you would wish to receive this information.
• A record of marketing emails sent to you and whether you have opened, read or clicked through to our website from them.
• Information from other sources, such as publicly available information, industry networking information, national industry portals and records.
• Visual Imaging recorded on CCTV where you visit or access our properties or grounds.
HOW DO WE USE THE PERSONAL DATA WE HOLD ABOUT YOU?
We may collect and store personal data for a number of reasons:
• To fulfil our booking or contractual obligations and to meet agreements we have put in place with you.
• To provide you with information about products or services you have requested from us.
• To provide you with information about services, events and products we feel may be of interest to you.
• To maintain customer and administration records.
• To respond to your feedback and ideas.
• To notify you of any changes to our services.
• To verify identification where required.
• To communicate with you by post, email or phone.
• To analyse the suitability and relevance of the services we provide.
• To plan and manage our properties and facilities.
• To investigate and respond to any complaints you may make.
• To process financial transactions, invoicing and maintain group arrangements.
• To prevent and detect crime, fraud or corruption.
• To meet legal, regulatory, statutory and ethical responsibilities.
• To help with staff training and to improve our internal processes.
• To visually monitor the safety and security of data subjects in and around our properties and grounds.
• For customer profiling, to help us understand what people want to do when they stay at our hotels and to keep our services as relevant as possible.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
Crieff Hydro Family of Hotels will only keep your personal data for as long as is necessary to fulfil the purposes for which it was collected, and in accordance with legal requirements under UK Company Law.
We do want to keep in touch with you, however if you have not done business with us or interacted with any of our email communications in 4 years, we will remove your details from our marketing mailing lists. You are free to remove yourself from our lists at any time by using the unsubscribe option.
WHO WILL WE SHARE YOUR PERSONAL DATA WITH?
We may share your personal data with third parties or other organisations and individuals where:
• There is a legal obligation to do so.
• Where it is requested by a public or regulatory authority and we consider it is required by law – such as police or HMRC.
• Where we are bound by any code of practice.
• Relevant data may be shared with our booking partners or service providers in conjunction with the delivery of our services to you.
• Relevant data may be shared with our booking partners or service should a complaint be made by you.
We may require the services of third party service providers – such as instructors, trainers, child care specialists, consultants, auditors and accountants, banking services, administration or HR services, I.T systems maintenance. We will share your data with them in order to allow us to provide the services you have requested. In these circumstances we will have an appropriate contract in place which sets out requirements that the third party can only process your data on our instruction and that they will not use it for their own purposes. They will hold it securely and delete it or return it to us once the contract has ended.
We will also share your personal data within the Crieff Hydro Family of Hotels where it is in our legitimate interests to do so, for the fulfilment of your booking and our contract or agreement with you.
We share contact information with a third party to help us send you information about the products and services offered by the Crieff Hydro Family of Hotels. These third parties will only send information about our family group.
INTERNATIONAL TRANSFERS
If we intend to transfer your personal data to a third country or share with an international organisation, we will put measures in place to do so securely and with appropriate safeguards in place.
DATA SECURITY
Crieff Hydro Family of Hotels are serious about taking the appropriate measures to protect your personal data.
The transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of the data you transmit to our site and we need to make you aware that any transmission is at your own risk. Where passwords are required or chosen by you to access our site or secure platforms as part of the service we provide, it is your responsibility to keep these passwords secure and confidential.
Once we have received your data, we use strict procedures and security features to prevent unauthorised access to your data.
We limit access to our properties and facilities to those who require access and have a right to be there – using passes, keys and other technology. We also have a risk framework in place including the appropriate policies and procedures required to keep your data secure. All information provided by you is held on secure servers and any payment transactions will be encrypted. We apply controls and access restrictions across all of our technology platforms and review and test these at regular intervals.
Through the contracts and security measures we put in place, any third parties that we may share your data with are obliged to keep your details secure and to use this data only to fulfil the service they provide to you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with our procedures. If we pass any special category personal data onto a third party we will only do so once we have obtained your explicit consent or for the fulfilment of a contract we hold with you, unless we are legally required to do otherwise.
YOUR RIGHTS AS A ‘DATA SUBJECT’
Whilst we are processing your personal data at the Crieff Hydro Family of Hotels, as a ‘data subject’, you have the following rights:
• Right to be informed: You have the right to be informed about our data processing through this Privacy Notice.
• Right of Access: By submitting a ‘Subject Access Request’, you have the right to request information about and access to a copy of the personal data held by us as a Data Controller.
• Right of Rectification: Where you feel that the information we hold about you is inaccurate or incomplete, you have the right to request that we correct your personal data.
• Right to be forgotten: When you feel we no longer need your personal data for the purpose it was obtained for or where you have withdrawn your consent to us processing your data, you have the right to ask us to delete and erase your personal data. We can refuse to do this in certain circumstances.
• Right to restrict processing: Where you feel the personal data we are processing is inaccurate or where you feel your personal data is no longer needed but you want us to retain it for any possible future reference, you have the right to restrict our processing of your personal data.
• Right to data portability: Where we hold data electronically about you, in certain circumstances, you have the right to ask us to provide that data in an easy to read format and to transfer this data to another organisation.
• Right to object: You have the right to object to certain types of processing of personal data in certain circumstances although you have an absolute right to ask us to stop using your contact details to send you direct marketing.
CAN I FIND OUT WHAT PERSONAL DATA THE CRIEFF HYDRO FAMILY OF HOTELS HOLDS ABOUT ME?
If you submit a Subject Access Request, the Crieff Hydro Family of Hotels can confirm the data and information held about you and how we process it. If we process your personal data, you can request the following information from us:
• Who is the person or organisation that decided how and why to process your data.
• Where applicable, the contact details of their Data Protection Officer.
• The contact details of our Data Protection Officer.
• The legal basis for processing and the purpose of the data processing.
• Where personal data is being processed based on our legitimate interests or the legitimate interests of a third party, we need to be able to confirm what these interests are.
• Which categories of personal data are collected and processed.
• Who we share your data with or disclose your data to.
• If we intend to transfer your personal data to a third country or share with an international organisation.
• How long we will store your data.
• Confirmation of your Data Subject Rights to ask us to correct, erase, restrict, transfer or object to processing your personal data.
• Details regarding your right to withdraw your consent at any time.
• The process to lodge a complaint with the ICO as the UK’s data protection supervisory authority.
• We will clarify if the provision of your personal data is due to a statutory or a contractual requirement.
• Where it is required to enter into a contract between us, if you are obliged to provide the personal data and any consequences possible if you fail to provide the personal data required.
• Where your data was not collected directly from you, confirmation of where your personal data was sourced from.
We will normally respond to your request to access your personal data within one month from the date it is received. However, in some cases, we may need to extend this to three months. We will always write to you within one month of receiving your original request to tell you if this is the case.
A copy of your personal data is usually provided free of charge. However, we can charge a ‘reasonable fee’ where we find that the data requested is manifestly excessive or manifestly unfounded and in particular if the request is a repetitive one. We can also charge for additional copies of the personal data.
CONTACTING US AND YOUR RIGHT TO MAKING A COMPLAINT
If you wish to speak to us or question anything in this notice relating to how we collect, store or process your personal data, please email us atdata@crieffhydro.comor write to our Data Protection Officer at Crieff Hydro Ltd, Strathearn House, Ferntower Road, Creiff, Perthshire, PH7 3LQ
We hope you don’t need to make a complaint about how we process your personal data or how a complaint has been handled. If you feel you do wish to complain, you have the right to complain through our Data Protection Officer as detailed above and the supervisory authority at the contact details below:
UK Data Protection Regulator, The Information Commissioner’s Office (‘ICO’), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or emailico.org.uk/concerns/.
POLICY CHANGE
This policy was last updated on 1 March 2020.
COOKIES
Cookies are small text files that are placed on your computer by websites you visit. They are widely used to make websites work more efficiently, as well as provide information to the owners of the site you are visiting.
We use Cookies when you arrive at our site, unless you have adjusted your browser to refuse them. We may collect information about your computer, including where available your operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your use of our site by using a cookie file which is stored on the hard drive of your computer. Cookie files help us to improve our site and to deliver a better and more personalised service.
We use the following cookies:
Google Analytics– These cookies are used to collect information about how our visitors use our website. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to this site from and the pages they have visited.
Google Website Optimiser– These cookies are used to collect information about how visitors use our site. We use information to test and optimise site content and design.
We may use additional cookies to track behaviour and usage on third party software, for example our app, and will update this policy annually to reflect new uses.
Most web browsers allow you to control most cookies. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them,visitallaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visittools.google.com/dlpage/gaoptout.
DISPLAY ADVERTISING
We use display ads based on Google Analytics remarketing features. You can opt-out of these ads and change your preferences with the Ads Preferences Manager.
LINKS TO OTHER WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.