PRIVACY

Privacy notice

Introduction

This is Saddle Mountain Hostel’s privacy notice. Saddle Mountain Hostel is owned and run by the partners of the business partnership Saddle Mountain.

The use of “we”, “us” and “our” in this privacy notice refers to Saddle Mountain. The use of “you” and “your” in this privacy notice refers to individuals providing personal data to us.

We take the security of your personal data very seriously and our privacy notice has been developed in accordance with the General Data Protection Regulation.  It applies to the computerised, automated and manual personal data we collect and hold about you and how we use it.

Our privacy notice also includes information about the use of Cookies on our website.

This privacy notice was updated on 26/02/2022.

Contents

1. General Data Protection Regulation overview

2. Our website

3. Our third party online booking system

4. Card terminal payments

5. Social media

6. What personal data do we collect from you?

7. When do we collect personal data from you?

8. How do we use your personal data?

9. What are the lawful bases for processing your personal data?

10. Where do we store your personal data and how long for?

11. Do we share your personal data?

12. Are there any age restrictions to supplying your personal data to us?

13. Your individual rights

14. Our contact details

 

1. General Data Protection Regulation overview

The purpose of the General Data Protection Regulation (GDPR) is to protect the privacy of individuals (data subjects – you) by preventing the misuse or unauthorised use of personal information (personal data) that is held by others (data controllers – us).  This is achieved by regulating the use of personal data held by data controllers and by giving rights to data subjects.

The GDPR states that all data controllers must comply with six data protection principles.  In summary, personal data should be:

  •  Processed lawfully, fairly and in a transparent manner in relation to individuals.
  •  Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  •  Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  •  Accurate and, where necessary, kept up to date.
  •  Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  •  Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

You can find out more about GDPR from the Information Commissioner’s Office. GDPR is effective in the European Union from 25th May 2018. It will continue to apply in the United Kingdom after it exits the European Union.

For the purposes of this privacy notice Saddle Mountain is the “data controller”.

2. Our website

Our website, saddlemountainhostel.scot, is the primary source of information about Saddle Mountain Hostel.  WordPress is our website content management system and has been used to create, manage and update our website.

Cookies

A cookie is a small text file that is downloaded onto your computer when you access a website. It allows the website to recognise your device and store some information about your preferences or past actions.

Our website uses two types of cookies, session and persistent. A session cookie is only used for your current session on our website whereas a persistent cookie has a longer lifespan and is not automatically deleted when you close your browser.

  •  DYNSRV – This cookie is added by our load balancer to track which web server to send you to. Its purpose is to improve the performance of our website. Session cookie.
  •  wp-settings-1 – WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and the main site interface. Persistent cookie. Duration: 1 year.
  •  wp-settings-time-1 – WordPress sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and the main site interface. Persistent cookie. Duration: 1 year.
  •  wpfuuid – WordPress functional cookie which is required to help WordPress sites work. Persistent cookie. Duration: 10 years.
  • pum-53760 – Functional cookie which is required to display urgent messages to our customers in a pop-up. Persistent cookie. Duration: 1 month.

You do not have to accept cookies and you can adjust your browser’s setting to prevent it from accepting cookies. This may prevent you from taking full advantage of our website.

Contact us

There is a contact us form on the Contact page of our website. You are required to provide your personal data (your name and email address) before your comment is submitted. The personal data you provide is used to generate an email to us. We will respond to you from our email address. Your personal data is not stored on our website.

Links to other websites

Our website pages contain links to other websites that may be of potential interest to you.  When you click on one of these links your web browser will leave our website and open a new one.  At this point the privacy notice and use of cookies of the other website will apply. We advise you to read and agree to these before you use the other website.

3. Our third party online booking system

Checking availability or making a booking

We use a third party online booking system called Freetobook. All of our bookings are made and stored in this system and the privacy notice of Freetobook applies.

If you Check Availability on the BOOK NOW page on our website you will be taken to the Freetobook page for Saddle Mountain Hostel where you can check our availability and make a booking.

Payment

When you make an online booking you will be asked to pay a deposit to confirm your booking. This will be processed directly by our secure payment gateway provider, Stripe.

If we make the booking on your behalf we will email you a secure payment link to pay the deposit. We will not ask you for your card details by telephone or email.

Our payment processes are PCI Level 1 compliant.

Messaging

We use the guest messaging functionality within our third party online booking system, Freetobook. Messages sent and received will be held and stored in Freetobook against the individual booking. We will comply with the GDPR data principles when we process the personal data held within Freetobook. 

Guest registration

We use the online guest registration functionality within our third party online booking system, Freetobook. Guests will be contacted using the Freetobook guest messaging system to provide this information. The data will be held and stored in Freetobook against the individual booking. We will comply with the GDPR data principles when we process the personal data held within Freetobook. 

Reviews

We only ask you for reviews via our third party online booking system, Freetobook.  When you submit a review the privacy notice and use of cookies of Freetobook will apply. We advise you to read and agree these before you make a review.  When we publish your review no identifying details will be attached to it. We will comply with the GDPR data principles when we process the personal data held within Freetobook.

4. Card terminal payments

We use the Mobile Pay app and card reader and from Global Payments. Transactions can be authorised as a contactless payment, by PIN or signature or without the cardholder present. Information is created and stored in this system.

Our payment processes are PCI Level 1 compliant.

Merchant copies of transactions made using a previous Global Pay card terminal (up to 14th March 2020) are stored securely by us.

5. Social media

We use Facebook, Twitter, Instagram, Tripadvisor and Google Plus.  We advise you to read and agree to the privacy and cookies notice of the social media site before you sign up and interact with us.

You may choose to review your stay at Saddle Mountain Hostel directly on a social media site such as Tripadvisor, Google Plus and Facebook.  These websites are not controlled by us and are subject to their own privacy and cookies notices.  We advise you to read and agree to these before you sign up to post a review.

We do not share information contained in any direct messages to us on the social media sites we use.

6. What personal data do we collect from you?

The information that we collect and hold about you is called “personal data”.

The personal data we collect and hold about you can include your name, address, telephone number, email address, names and contact details of other guests in your group, payment information, nationality, online identifier, car registration, emergency contact details.  It may also include your IP address.

7. When do we collect personal data from you?

We collect your personal data when you contact us by email or telephone, when you visit our website, when you fill in a form on our website to contact us or subscribe to our blog, when you make a booking, when you contact us through our third party online booking system, when you provide guest registration details, when you stay at the hostel, and when you review your stay with us.

8. How do we use your personal data?

Your personal data may be used in the following processes:

  • Pre-booking contact – Contact made by you to discuss making a booking. For example, checking the hostel is suitable for your requirements or about our availability. Contact and subsequent communication (up until a booking is made) made by email or telephone.  The Contact Us form on our website may also be used.
  • Bookings – You can make a booking to stay with us using our third party online booking system. You will be asked to provide payment information to confirm your booking.  If you would prefer we can create the booking for you.
  • Post-booking contact – Contact made by you or us to discuss a booking. For example, further information required, late arrival, lost property. Contact and subsequent information communication made by email, telephone, text or through our third party online booking system.  The Contact Us form on our website may also be used.
  • Guest reviews – After you have stayed at Saddle Mountain Hostel you will be invited to leave a review on our third party online booking system. The email address you gave us at the time of booking is used to request the review.  The reviews are published on our third party online booking system.
  • Guest registration – We are required by the Immigration (Hotel Records) Order 1972 to ask you to register for your stay at the hostel. We will do this through our third party online booking system or when you arrive.
  • Route cards – You are able to leave information about your route (e.g. mountain or cycle), return time, vehicle registration and emergency contact details. This is done in the form of a paper sheet, manually filled in.
  • Website analysis – When you visit our website we collect standard internet log information. This helps us to know how many people visit our website and which pages are visited.
  • Booking analysis – We use standard reports in our third party online booking system that we use to help us understand our bookings and income. For example, we are able to analyse how many people stayed at the hostel and when and what our turnover is.
  • NHS Scotland Test and Protect – We will share your contact information provided during guest registration as required by the NHS Scotland Test and Protect service.

9. What are the lawful bases for processing your personal data?

When we process your personal data as described above we are using the following lawful bases:

  • Consent – The individual has given clear consent for you to process their personal data for a specific purpose. Our processes – route cards.
  • Contract – The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. Our processes – pre-booking contact, booking, post-booking contact.
  • Legal obligation – The processing is necessary for you to comply with the law (not including contractual obligations). Our processes – guest registration.
  • Legitimate interests – The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. Our processes – guest reviews, booking analysis, website analysis, NHS Scotland Test and Protect.

10. Where do we store your personal data and how long for?

The personal data we collect from you is stored electronically or in paper format depending on the process we are using it for. We take the security of your personal data very seriously. We have put in place appropriate procedures to prevent unauthorised access and misuse of your personal data and to effectively manage the retention of your personal data.

Electronic personal data is stored in the third party online business systems we use to run our business. It is subject to the security procedures and technical and physical restrictions for accessing and using personal data on their servers. No personal data is stored on the computers we use. Paper records are kept securely in our private office.

We will hold your personal data only for as long as is necessary and for the purpose for which it was collected. How long we hold it for is dependent on the purpose it is being used for but is in accordance with legal obligations.

11. Do we share your personal data?

In order to make a booking to stay with us we may share personal data we collect from you with our third party online booking system and our secure payment gateway provider. Only the personal data necessary to complete the transaction will be shared.

We may share depersonalised data such as booking statistics and website analysis with reputable third parties and for other lawful purposes but the information will not include any personally identifying details.

Under certain circumstances there may be a legal obligation for us to share your personal data in order to protect your vital interests or those of another person. We may also disclose your personal data where it is necessary for us to exercise or defend a legal claim.

Other than this we will not disclose any of your personal data to any other third party without your consent.

12. Are there any age restrictions on supplying your personal data to us?

There is a minimum age to consenting to supply your personal data to us. You must 16 or older to provide your personal data to our website or our third party online booking system.

13. Your individual rights

The GDPR provides the following rights for individuals:

  •  The right to be informed
  •  The right of access
  •  The right to rectification
  •  The right to erasure
  •  The right to restrict processing
  •  The right to data portability
  •  The right to object
  •  Rights in relation to automated decision making and profiling

Our privacy notice informs you about the collection and use of your personal data by Saddle Mountain.  Please contact us if you wish to know what personal data we hold about you and to exercise your individual rights.

14. Our contact details

Our contact details are below or you can use the contact us form on the Contact page of our website.

Address: Saddle Mountain Hostel, Mandally Road, Invergarry, PH35 4HP, UNITED KINGDOM

Telephone: +44 (0)1809 501412

Email: info@saddlemountainhostel.scot