Visit North Norfolk ("we" or "our" or "us") is committed to protecting and respecting your privacy.
This policy (and any other documents referred to herein) sets out the basis on which any personal data we collect from you from our website (bookings.guestlink.co.uk) ("Website"), or that you provide to us by other means or will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (the Act), and the General Data Protection Regulations (GDPR), from 25 May 2018, the data controller is Visit North Norfolk.
1. Information we may collect from you
1.1 We may collect and process the following data about you:
b. If you contact us, we may keep a record of that correspondence.
c. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
d. Details of transactions you carry out through our Website.
e. Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
2. IP addresses and cookies
2.1 We may collect information about your device, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
2.2 Google will use personal data when given consent on our website. You can find Google's Privacy and Terms information here.
2.3 For the same reason as stated in 2.1, we may obtain information about your usage of our Website by using a cookie which is stored on the hard drive of your device. Cookies are used to make our Website work and to deliver a better and more personalised service. They enable us:
a. To estimate our audience size and usage pattern.
b. To store information about your preferences, and so allow us to customise our Website according to your individual interests.
c. To speed up your searches.
d. To recognise you when you return to our Website.
2.3 The cookies used on our Website are:
a. ASP.NET_SessionId - This cookie is essential for the operation and navigation of our Website. The cookie is deleted when you close your browser.
b. _utma, _utmb, _utmc, _utmz - These cookies are used by Google Analytics to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google allows you to disable personalised ads. Non-personalised ads that Google serves on our website require cookies or mobile identifiers to operate. Users are required to opt in or out of using cookies or mobile identifiers on our site. To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
c. dmsTPC - This cookie is used to record if a user has accepted the use of Google Analytics cookies on the this website website. This cookie is deleted when you close your browser.
d. Personal data will be used for personalisation of ads and cookies may be used for personalised and non-personalised advertising.
e. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
2.5 We may embed videos from our official YouTube channel using YouTube's privacy-enhanced mode. This mode may set cookies on your device once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. To find out more please visit YouTube's embedding videos information page: https://www.google.com/support/youtube/bin/answer.py?hl=en-GB&answer=171780.
2.6 We may display either (or both) of the following widgets:
a. Feed widgets (widgets that display a feed from our social network page). These widgets do not create a cookie.
b. Sharing widgets (widgets such as Facebook Like, Twitter Share or AddThis) which enable you to share content of this website to your friends or followers. By default these do not create a cookie until you have clicked on the graphic or icon representing the sharing network you would like to use. By clicking the graphic or icon you consent to transmitting data to the respective social network.
3. Where we store your personal data
3.2 All information you provide to us is stored on MailChimp's secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
3.3 The transmission of information between the entry point on www.visitnorthnorfolk.com to Mailchimp's servers via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.
4. Purpose of the processing, legal basis for the processing and retention periods
4.1 We use information held about you in the following ways:
a. To ensure that content from our Website is presented in the most effective manner for you and for your device.
b. To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
c. To carry out our obligations arising from any contracts entered into through our Website.
d. To allow you to participate in interactive features of our service, when you choose to do so.
e. To notify you about changes to our service.
f. To regularly update you about our services and promotions in Newsletters.
4.2 We may also use your data to provide you with information about goods and services which may be of interest to you and we may contact you about these by email, text, post or telephone.
4.3 Where we permit our affiliates to use your data, we (or they) will contact you only if you have consented to this.
4.4 We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
4.5 Our lawful bases for processing personal data:
a. Viewing our Website and sending us enquiries - Necessary for the legitimate interests pursued by us in providing the service.
b. Bookings (with review requests) and eShop orders - Necessary for the performance of a contract.
c. Marketing/eNewsletters – Consent.
4.6 Our retention periods for your personal data:
a. Operational Database records will be deleted after 18 months of last use, e.g. checking out of accommodation.
b. eMarketing Database records will be deleted after 24 months of last use, e.g. an email being sent.
4.7 Business records storage and publishing:
a. For storing and publishing business records on this website, our lawful basis for processing this data is “Legitimate interests”. The ICO website states the following, "It is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact."
b. We store accommodation, venue and other business details (Trade Data) in our database to facilitate publishing them on this tourism website. Our legal basis for this processing is that it is necessary for the purpose of the legitimate interests pursued by the controller. Business details are, by their nature, already in the public domain and we are using them in a way the businesses would reasonably expect and could benefit from.
5. Disclosure of your information
5.1 We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985.
5.2 We may disclose your personal information to third parties:
a. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
b. If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
c. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, confidential information or safety of our Website, customers, affiliates or others and in particular if we are required to prevent any fraud or fraudulent transactions. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
5.3 Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
6. Your rights
6.1 You have the right to ask us not to process your personal data for marketing purposes. We operate an optional choice for receiving marketing communications and will clearly name any other organisations who may process your personal data. You can exercise your right to prevent such processing at any time by using the unsubscribe function on a received marketing email or by contacting us at Visit North Norfolk: firstname.lastname@example.org or 01263 569361.
6.2 The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. From 25 May 2018, when GDPR becomes law, a reasonable Subject Access Request (SAR) can be made without a fee being charged. It will be carried out within one month. As part of a SAR, you may request that your personal data is corrected or deleted. The result of a deletion request may be affected by any outstanding bookings or orders in progress.
6.3 If you are not satisfied with our response you may contact the UK supervisory authority, the Information Commissioner’s Office, https://ico.org.uk to report your concern.