Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by [the General Data Protection Regulation 2016/679 (the “GDPR”)
Auchrannie Leisure Ltd is the data controller. This means it decides how your personal data is processed and for what purposes.
If after reviewing this policy you have any questions or privacy concerns please send an e-mail to: firstname.lastname@example.org or write to:
The Data Manager
Auchrannie Leisure Ltd
Isle of Arran
How do we process your personal data?
• Auchrannie Leisure Ltd complies with its obligations under the GDPR by keeping personal data up to date;
• by storing and destroying it securely; by not collecting or retaining excessive amounts of data;
• by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
• We use your personal data for the following purposes:
o To complete accommodation, restaurant, leisure and ASPA bookings;
o To administer Leisure & Country Club membership records;
o To fundraise and promote the interests of the Auchrannie charity;
o To manage our employees and contractors;
o To maintain our own accounts and records.
o For the security, health & safety of all our guests and staff CCTV operates on our premises.
o To operate the Auchrannie Leisure Ltd web site and deliver the services that individuals have requested.
o To inform individuals of news, events, activities or services running at Auchrannie Leisure Ltd.
o To contact individuals via surveys to conduct research about their opinions of current services or of potential new services that may be offered.
• We collect personal information that you choose to provide:
o when you make an enquiry online, by email or by phone;
o when you make a booking online, by email or by phone; and
o when you check-in and complete a registration card.
Throughout your stay, we will collect personal information about your time with us and your dining and leisure activities.
What type of information is collected from you?
• If you make a booking with us, we will ask for your name, contact details, the details of any other guests, billing information and any specifics about your stay.
• In order to improve your guest experience we may from time to time collect and store other information about you such as your personal preferences. We will only ever ask for information to enable us to provide the services you have requested.
• During your stay we will collect information from you in the form of requests and feedback. We will also collect information about your activities whilst you are with us for billing purposes and to improve our services to you.
• For the purposes of security and health & safety CCTV and Incident Monitoring take place on our sites. Please be aware that images of you and information about incidents involving you will only be stored and processed for as long as is required by law.
• We may from time-to-time require sensitive personal information (such as medical information) to provide specific services to you safely or to comply with our legal obligations, where this is the case we will always inform you (and where required) ask for your explicit consent to record this information at the time.
• After your stay we will retain relevant information about you to enable us to comply with our legal obligations and to ease the accommodation of any future stays.
What is the legal basis for processing your personal data?
Under data protection law, we can only use your personal information if we have a proper reason for doing so. In order to use your personal information, we rely on the following legal bases:
• you have given consent to the processing of your data for one or more specific purposes;
• processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
• processing is necessary for compliance with a legal obligation to which we are subject;
• processing is necessary in order to protect your vital interests, or the vital interests of another individual; and
• processing is necessary for the purpose of the legitimate business purposes pursued by us:
• Directly marketing to you as an existing Auchrannie customer, managing and fulfilling guest requests
We may use your information to:
• process bookings (and any specific requests) you have made;
• carry out our obligations arising from any contracts entered into by you and us;
• carry out our legal obligations arising from health & safety and security monitoring;
• seek your views or comments on the services we provide;
• notify you of changes to our services;
• send you communications which you have requested or that we think may be of interest to you. These may include information about offers, new facilities or special events.
• record your interactions with us in order to provide personalised experiences to you and improve our services;
• requesting services on your behalf with third parties during your stay
If you do not provide personal information we ask for, it may delay or prevent us from providing the services you have requested to you.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only with:
• Third Party Service Providers working on our behalf: we may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we ensure appropriate safeguards are in place that requires them to keep your information secure, in accordance with data protection laws, and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond our approved suppliers, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
• Law Enforcement/Regulatory Bodies: we may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We will not share your personal information with any other third party.
How long do we keep your personal data?
We will hold your personal information on our systems only for as long as is necessary for the relevant activity or to facilitate any future stays, or as long as is set out in any relevant contract you hold with us. We are legally required to hold some types of information to fulfil our legal obligations (e.g. financial record keeping).
We use the following criteria to determine how long to retain your personal data:
• Reservations/booking data – Ongoing whilst guest relationship continues. If no activity after 3 years this information will be permanently deleted.
• Guest registration cards – 3 months
• Call recordings (for training & accuracy purposes) – 1 year
• Country Club owners data – 7 years post ownership
• Information to fulfil our legal obligations (e.g. financial record keeping) – 7 years
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
• The right to request a copy of your personal data which Auchrannie Leisure Ltd holds about you;
• The right to request that Auchrannie Leisure Ltd corrects any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary for Auchrannie Leisure Ltd to retain such data;
• The right to request that Auchrannie Leisure Ltd provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability).
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to lodge a complaint with the Information Commissioners Office. (ICO website - https://ico.org.uk/ ICO helpline - 0303 123 1113)
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
Where and whenever necessary, we will seek your prior consent to the new processing.
Security precautions in place to protect the loss, misuse or alteration of your Personal Information
• When you give us personal information, we take steps to ensure that it is treated confidentially and held securely.
• Once we have collected your information, we make our best effort to ensure its security on our systems and in physical form. Where data is stored electronically we take steps to ensure your information is accessed only by those who need it to administer your stay. Your personal data is always encrypted when being sent between our systems, this is shown by the lock icon in your web browser when booking online. Where possible your personal data is also encrypted at rest. Where we are storing information about you on physical media i.e. registration card, this is stored securely and access restricted to only those who need it to administer your stay.
• Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
• Credit or debit card details are encrypted and protected by our card payment provider. When you are entering your card details these are sent to our card payment provider securely, this is shown by the lock icon in your web browser when booking online.
Use of 'cookies'
• It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our websites.
What types of cookies are used on this site?
1. Preference Cookie – At your request we may place a cookie to remember your preferences so that you do not need to re-enter your details (country/age and language preferences) on our gateway page. This is not suitable if you share your computer with someone else.
2. Social Sharing – This is a cookie that identifies you with social networking sites such as Facebook and Twitter and allows interaction between your activity on social networking sites and on our website through your direction, and makes your transition between the sites more seamless.
3. Site Analytics – We use Google Analytics to help analyse use of our website. This analytical tool uses ‘cookies’, which are text files placed on your computer, to collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
4. Cookies – We use session cookies, which are temporary cookies that cookies aid the user journey around the site, and will remember preferences you have selected during the session. These cookies are deleted as soon as you leave the site.
5. Content Management cookies – These are cookies required by the site for the content management system to work.
6. Template preference cookies – These cookies are necessary for mobile sites and enable the site to look and feel the way it is intended to.
How do I disable/enable cookies?
You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.
There are a number of ways to manage cookies. Please refer to your browser instructions or help screen to learn more about these functions. For example, in Internet Explorer, you can go to the Tools/Internet options/Security and Privacy Tabs to adapt the browser to your expectations. If you use different computers in different locations you will need to ensure that each browser is adjusted to suit your cookie preferences.
Some modern browsers have a feature that will analyse website privacy policies and allow a user to control their privacy needs. These are known as ‘P3P’ features (Privacy Preferences Platform).
Links to other websites
Our website may contain links to other websites. This Policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ we will require your parent/guardian's permission beforehand whenever you provide us with personal information.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in May 2018.