Cairngorms NP Ltd is administered by Speyside Wildlife
Data protection law
The General Data Protection Regulation May 2018 (GDPR) describes how organisations must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically or on paper. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The GDPR is underpinned by eight important principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Lawful processing
Cairngorms NP Ltd and Speyside Wildlife needs to gather and use certain information about individuals, so that we can ensure guests have a safe, secure and successful holiday or wildlife experience. These individuals can include guests, customers, suppliers, business contacts, employees and others our organisation has a relationship with, or needs to contact.
This data protection policy ensures Cairngorms NP Ltd and Speyside Wildlife:
- Complies with data protection law and follows good practice
- Protects the rights of staff, guests and associates
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
By using our website, contacting us for information, or completing a Speyside Wildlife Booking Form, either in writing or online, you understand and agree that personal information you provide will be held on a database created by us and will be stored for the purpose of providing you with information now and in the future and, where necessary, transferring this information to future SW bookings and providing it as necessary to associated third parties. Our website is held on a server based in the UK.
How we use personal information
Personal information provided to us will be used for the purposes outlined at the time of collection in accordance with the preferences you express. Personal data collected and processed by us is treated as strictly private and confidential and other than sharing certain details with our Ground Agents (where applicable), we shall never share your data with other third parties. Your data may be used for the following purposes:
- Booking of accommodation; this may include providing health/dietary information
- Booking of flights and other travel elements; this may include providing age/passport information
- Booking of activities; this may include providing height/weight information
- Processing of payments where necessary (we do not store anyone’s financial/banking details)
- Insurance information provided to appropriate persons in the event of an incident on your holiday
- ESTA/ETA applications where assistance requested
- Communication of SW Marketing information
How long we retain personal information
Enquirers’ contact details, including names/addresses/emails/telephone numbers/holiday preferences and other incidental information provided to us, are held for three years and then deleted, unless you have gone on to make a booking with us, or you have contacted us to update your information, when a further three years will elapse from the time the contact was made, or holiday taken, before deletion.
Information from enquirers who go on to make a booking with us will be kept on the following basis: Standing information such as addresses/emails/ passport details/dietary/health/annual insurance information etc. will be held on an ongoing basis, unless you specifically ask us to delete any or all of this. Transitory information, such as holiday emergency contacts/single trip insurance details etc. will be deleted once your holiday/experience has been completed. We shall update any standing information from details provided by you and may ask you to confirm details held from time to time.
If you do not wish us to keep your data once you have completed your holiday/activity with us, please inform us when you contact us.
Right to access of information held
You have the right to ask us, in writing, for a copy of all the personal data held about you. This will be sent to you as soon as possible and certainly no later than 30 days after your request.
Our computers all comply with recommended security levels; all databases are password protected and PC screens are locked when unattended. Where printed matter is required, this is stored in locked drawers/cabinets. Paper and printouts are not left where unauthorised people can see them. Any paperwork no longer required is shredded.
When ‘out in the field’ or away on trips, any guests’ personal data the guides require to have with them in order to carry out their tour leader duties efficiently and effectively, will be kept with them at all times and is deleted from their possession when the holiday is completed. Any information provided to our partners to enable your holiday or experience to be provided successfully, in the majority of circumstances, is only ever names and dietary requirements. Where safety or internal requirements require further information to be provided, our partners are charged with deleting that information from their own records as soon as the holiday/experience has been completed.
Needless to say we’re very happy you ask us questions at any time about the personal information we hold for you, by emailing us firstname.lastname@example.org
Policy prepared by: Cairngorms NP Ltd and Speyside Wildlife
Approved by: Suzanne Dowden
Policy became operational on: 25 May 2018
Next review date: 24 May 2019