Introduction
This is Saddle Mountain Hostel’s privacy notice. Saddle Mountain Hostel is owned and run by the partners of the business partnership Saddle Mountain.
The use of “we”, “us” and “our” in this privacy notice refers to Saddle Mountain. The use of “you” and “your” in this privacy notice refers to individuals providing personal data to us.
We take the security of your personal data very seriously and our privacy notice has been developed in accordance with the General Data Protection Regulation. It applies to the computerised, automated and manual personal data we collect and hold about you and how we use it.
Our privacy notice also includes information about the use of Cookies on our website.
This privacy notice was published on 24th May 2018.
Contents
[su_list icon=”icon: compass” icon_color=”#ac1416″]
- 1. General Data Protection Regulation overview
- 2. Our website
- 3. Our third party online booking system
- 4. Social media
- 5. What personal data do we collect from you?
- 6. When do we collect personal data from you?
- 7. How do we use your personal data?
- 8. What are the lawful bases for processing your personal data?
- 9. Where do we store your personal data and how long for?
- 10. Do we share your personal data?
- 11. Are there any age restrictions to supplying your personal data to us?
- 12. Your individual rights
- 13. Our contact details
[/su_list]
1. General Data Protection Regulation overview
The purpose of the General Data Protection Regulation (GDPR) is to protect the privacy of individuals (data subjects – you) by preventing the misuse or unauthorised use of personal information (personal data) that is held by others (data controllers – us). This is achieved by regulating the use of personal data held by data controllers and by giving rights to data subjects.
The GDPR states that all data controllers must comply with six data protection principles. In summary, personal data should be:
[su_list icon=”icon: compass” icon_color=”#ac1416″]
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
[/su_list]
You can find out more about GDPR from the Information Commissioner’s Office. GDPR is effective in the European Union from 25th May 2018. It will continue to apply in the United Kingdom after it exits the European Union.
For the purposes of this privacy notice Saddle Mountain is the “data controller”.
2. Our website
Our website, saddlemountainhostel.co.uk, is the primary source of information about Saddle Mountain Hostel. WordPress is our website content management system and has been used to create, manage and update our website.
Cookies
A cookie is a small text file that is downloaded onto your computer when you access a website. It allows the website to recognise your device and store some information about your preferences or past actions.
Our website uses two types of cookies, session and persistent. A session cookie is only used for your current session on our website whereas a persistent cookie has a longer lifespan and is not automatically deleted when you close your browser.
[su_list icon=”icon: compass” icon_color=”#ac1416″]
- DYNSRV – This cookie is added by our load balancer to track which web server to send you to. Its purpose is to improve the performance of our website. Session cookie.
- wp-settings-1 – WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and the main site interface. Persistent cookie. Duration: 1 year.
- wp-settings-time-1 – WordPress sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and the main site interface. Persistent cookie. Duration: 1 year.
- wpfuuid – WordPress functional cookie which is required to help WordPress sites work. Persistent cookie. Duration: 10 years.
[/su_list]
You do not have to accept cookies and you can adjust your browser’s setting to prevent it from accepting cookies. This may prevent you from taking full advantage of our website.
Blog subscription
We use a WordPress website plugin called Jetpack to manage subscriptions to our blog. You can subscribe to our blog by providing your email address. We advise you to read and agree to Jetpack’s privacy notice and use of cookies before confirming your subscription.
You will receive an email notification when we publish a blog. There is an unsubscribe option in this email if you decide you no longer want to receive them.
Blog comments
If you want to make a comment about a blog you are required to provide your personal data (your name and email address) before your comment is submitted. The personal data you provide is published along with your blog comment on our website.
Contact us
There is a contact us form on the Contact page of our website. You are required to provide your personal data (your name and email address) before your comment is submitted. The personal data you provide is used to generate an email to us. We will respond to you from our email address. Your personal data is not stored on our website.
Links to other websites
Our website pages contain links to other websites that may be of potential interest to you. When you click on one of these links your web browser will leave our website and open a new one. At this point the privacy notice and use of cookies of the other website will apply. We advise you to read and agree to these before you use the other website.
3. Our third party online booking system
Checking availability or making a booking
We use an third party online booking system called Freetobook. All of our bookings are made and stored in this system.
If you click on the Book Now button on our website you will be taken to the Freetobook page for Saddle Mountain Hostel where you can check our availability and make a booking. At this point the privacy notice and use of cookies of Freetobook will apply. We advise you to read and agree these before you make a booking. We will comply with the GDPR data principles when we process the personal data held within Freetobook.
Payment
When you make an online booking you will be asked to pay a deposit to confirm your booking. This will be processed directly by our secure payment gateway provider, Global Payments.
If we make the booking on your behalf we will email you a secure payment link to pay the deposit. We will not ask you for your card details by telephone or email.
The outstanding balance of your booking is due when you check in at the hostel. We have a payment terminal if you choose to pay by card and you will be required to authorise the transaction by PIN or signature. We keep a merchant copy of the transaction.
Our payment processes are PCI Level 1 compliant.
Reviews
We only ask you for reviews via our third party online booking system, Freetobook. When you submit a review the privacy notice and use of cookies of Freetobook will apply. We advise you to read and agree these before you make a review. When we publish your review no identifying details will be attached to it. We will comply with the GDPR data principles when we process the personal data held within Freetobook.
4. Social media
We use Facebook, Twitter, Instagram, Tripadvisor and Google Plus. We advise you to read and agree to the privacy and cookies notice of the social media site before you sign up and interact with us.
You may choose to review your stay at Saddle Mountain Hostel directly on a social media site such as Tripadvisor, Google Plus and Facebook. These websites are not controlled by us and are subject to their own privacy and cookies notices. We advise you to read and agree to these before you sign up to post a review.
We do not share information contained in any direct messages to us on the social media sites we use.
5. What personal data do we collect from you?
The information that we collect and hold about you is called “personal data”.
The personal data we collect and hold about you can include your name, address, telephone number, email address, names of other guests in your group, payment information, nationality, online identifier, car registration, emergency contact details. It may also include your IP address.
6. When do we collect personal data from you?
We collect your personal data when you contact us by email or telephone, when you visit our website, when you fill in a form on our website to contact us or subscribe to our blog, when you make a booking, when you stay at the hostel, when you review your stay with us and when you make comments about our blog posts.
7. How do we use your personal data?
Your personal data may be used in the following processes:
[su_list icon=”icon: compass” icon_color=”#ac1416″]
- Pre-booking contact – Contact made by you to discuss making a booking. For example, checking the hostel is suitable for your requirements or about our availability. Contact and subsequent communication (up until a booking is made) made by email or telephone. The Contact Us form on our website may also be used.
- Bookings – You can make a booking to stay with us using our third party online booking system. You will be asked to provide payment information to confirm your booking. If you would prefer we can create the booking for you.
- Post-booking contact – Contact made by you or us to discuss a booking. For example, further information required, late arrival, lost property. Contact and subsequent information communication made by email, telephone or text. The Contact Us form on our website may also be used.
- Guest reviews – After you have stayed at Saddle Mountain Hostel you will be invited to leave a review on our third party online booking system. The email address you gave us at the time of booking is used to request the review. The reviews are published on our external online booking system.
- Guest registration – We are required by the Immigration (Hotel Records) Order 1972 to ask you to register on arrival at the hostel.
- Route cards – You are able to leave information about your route (e.g. mountain or cycle), return time, vehicle registration and emergency contact details. This is done in the form of a paper sheet, manually filled in.
- Blog subscription – You can sign up via our website to receive email notification when a new blog is published.
- Blog comments – You can submit comments about our blogs via our website.
- Website analysis – When you visit our website we collect standard internet log information. This helps us to know how many people visit our website and which pages are visited.
- Booking analysis – We use standard reports in our third online booking system that we use to help us understand our bookings and income. For example, we are able to analyse how many people stayed at the hostel and when and what our turnover is.
[/su_list]
8. What are the lawful bases for processing your personal data?
When we process your personal data as described above we are using the following lawful bases:
[su_list icon=”icon: compass” icon_color=”#ac1416″]
- Consent – The individual has given clear consent for you to process their personal data for a specific purpose. Our processes – blog subscription, blog comments.
- Contract – The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. Our processes – pre-booking contact, booking, post-booking contact.
- Legal obligation – The processing is necessary for you to comply with the law (not including contractual obligations). Our processes – guest registration.
- Legitimate interests – The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. Our processes – guest reviews, booking analysis, website analysis.
[/su_list]
9. Where do we store your personal data and how long for?
The personal data we collect from you is stored electronically or in paper format depending on the process we are using it for. We take the security of your personal data very seriously. We have put in place appropriate procedures to prevent unauthorised access and misuse of your personal data and to effectively manage the retention of your personal data.
Electronic personal data is stored in the third party online business systems we use to run our business. It is subject to the security procedures and technical and physical restrictions for accessing and using personal data on their servers. No personal data is stored on the computers we use. Paper records are kept securely in our private office.
We will hold your personal data only for as long as is necessary and for the purpose for which it was collected. How long we hold it for is dependent on the purpose it is being used for but is in accordance with legal obligations.
10. Do we share your personal data?
In order to make a booking to stay with us we may share personal data we collect from you with our third party online booking system and our secure payment gateway provider. Only the personal data necessary to complete the transaction will be shared.
We may share depersonalised data such as booking statistics and website analysis with reputable third parties and for other lawful purposes but the information will not include any personally identifying details.
Under certain circumstances there may be a legal obligation for us to share your personal data in order to protect your vital interests or those of another person. We may also disclose your personal data where it is necessary for us to exercise or defend a legal claim.
Other than this we will not disclose any of your personal data to any other third party without your consent.
11. Are there any age restrictions on supplying your personal data to us?
There is a minimum age to consenting to supply your personal data to us. You must 16 or older to provide your personal data to our website or our external online booking system.
12. Your individual rights
The GDPR provides the following rights for individuals:
[su_list icon=”icon: compass” icon_color=”#ac1416″]
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
[/su_list]
Our privacy notice informs you about the collection and use of your personal data by Saddle Mountain. Please contact us if you wish to know what personal data we hold about you and to exercise your individual rights.
13. Our contact details
Our contact details are below or you can use the contact us form on the Contact page of our website.
Address: Saddle Mountain Hostel, Mandally Road, Invergarry, PH35 4HP, UNITED KINGDOM
Telephone: +44 (0)1809 501412
Email: info@saddlemountainhostel.scot