Privacy Policy

PRIVACY AND COOKIE POLICY

Last updated 26 September 2022.

This privacy policy for Tudor Lodges describes how and why we might collect, store, use, and/or share your information when you use our services, such as when you: visit our website, contact us, book with us and stay here.

1. WHAT INFORMATION DO WE COLLECT? 

We do collect sensitive information due to the nature of our business helping guests with disabilities with very varied conditions covering both mental and physical health, and therefore we may need to collect information from people less than 16 years old. The information that we do collect is as follows:

Identity data: first name, last name, marital status, date of birth, gender, disability, nationality and images.

Contact data: postal and billing addresses, email addresses and telephone numbers.

CCTV data; at present we do not have any systems such as closed-circuit television, automatic number plate recognition and other surveillance technologies installed at the property and operated purely for security purposes. If we move towards this in the future we will update our policy.

Transaction data: details about services you have purchased from us or your visits to our premises.

Financial data: includes bank account and payment card details.

Technical data: includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

Profile data: includes purchases or orders made by you, your interests, preferences (including details about your personal likes and dislikes as identified during your visits to our premises), feedback and survey responses

Marketing data: includes your preferences in receiving marketing from us.

In all cases, the data collected is only the minimum required to conduct our business in a way that has a valid legal basis (see below).

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your information to provide, improve, and administer our services, communicate with you, to arrange payment for our services, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

Technical data that is automatically collected may be used by us to analyse how the website is being found and used, and to evaluate the effectiveness of our marketing campaigns. It is not used by us to build a personal profile.

3. HOW DO THIRD PARTIES PROCESS YOUR

INFORMATION? Although we do not use automatically collected visitor data to build a personal profile on you or identify you personally, Google, which provides the analytics service that collects the data, will do this. If you are logged into a Google account on your device, it will associate your data with the identity details that you have given to Google. What is done with that data will depend on the preferences you have expressed in the privacy settings of your Google account. If you are not logged into a Google account, the data will be associated with a unique identifier given to your browser or device. For further details about how Google uses your data please see Google’s privacy policy and this statement about Google Analytics Privacy.

4. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we will always rely on one of the following legal bases to collect and process your personal information:

Consent. We may process your information if you have given us permission (i.e. consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.

Performance of a contract. We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our services or at your request prior to entering into a contract with you.

Legitimate interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to: Analyse how our services are used so we can improve them to engage and retain users Evaluate our marketing activities

Legal obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

Vital interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

5. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We may share your data with third-party vendors, service providers, contractors, or agents (‘third parties’) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. They commit to protect the data they hold on our behalf. The categories of third parties we may share personal information with are as follows: Data Analytics Services Payment Processors. 

We do not sell your data to third parties or allow third parties to contact you without your permission.

We may also need to share your personal information in the following situations: Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

A cookie is a small file that might be placed on a computer or similar device when you visit or interact with a website. We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information about visitors to our website.

The following table indicates which cookies we are using and what they do.

Cookie

ID

Purpose

 

 

_utma

These cookies are used to collect

 

Google Analytics

_utmb

information about how visitors

 

_utmc

find and use our site, which we

 

 

 

 

_utmz

use to help improve it.

 

 

 

This simply stores your

 

Cookie warning

cc_cookie_accept

acceptance of the warning about

 

cookies on the website home

 

 

 

 

 

 

page.

 

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to reject cookies or install a browser extension to reject cookies. Your browser will also have a tool to remove cookies that have already been set. If you choose to remove cookies or reject cookies, this could affect the functionality of parts of our website. To opt out of interest-based advertising by Google, see the privacy preferences in the settings of your Google account.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. IS THE INFORMATION ACCURATE AND UP TO DATE?

We are legally obliged to ensure that the information we have on record is accurate and up to date. If your details have changed since we were last in touch with you, you are kindly requested to notify us of the new details so we can update our records.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate and reasonable technical and organisational security measures to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our services is at your own risk. You should only access the services within a secure environment.

10. BREACH NOTIFICATION

If we hold records of your personal data and we become aware of a data breach, we will endeavour to inform you of this within 72 hours.

11. WHAT ARE YOUR PRIVACY RIGHTS?

In the European Economic Area (EEA) and the United Kingdom (UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by using the contact details provided below to contact us. We will consider and act upon any request in accordance with applicable data protection laws. If you are located in the UK and you believe we are unlawfully processing your personal information, you also have the right to complain to the Information Commissioner’s Office. You can find their contact details here: https://ico.org.uk/make-a-complaint/.

If you are located in the EU and want to make a complaint, see this list of European Data Protection Supervisors.

If you are located in Switzerland, here are the contact details of the Data Protection Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us using the contact details provided below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information where there are lawful grounds other than consent.

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO), Michael Tudor by email at: holidays@tudorlodges.co.uk, or by post to:

Tudor Lodges,
Morval,
Looe,
Cornwall
PL13 1PR

Contact Us