Some key terms are defined as follows, and throughout this document:
The way in which we store data, process data and run our business is done in a GDPR compliant manner. Upon request we can provide details of data flow, a data inventory, a data breach policy, an employee dismissal log, details on the employee security training we have in place and more. Please follow the instructions in the contact section below to request any information not present in this policy.
In short, we only gather Personal Data we need, we only keep it for as long as is needed, we only use it for what we state below, you can request to correct/edit/remove it, we store it securely, we do not pass it to third parties unless otherwise stated and we aim to be transparent with how we use Personal Data.
The Beach House is a vacation rental business. We advertise vacation rental properties, take enquiries about these properties, take bookings at properties, take payments towards bookings and provide other booking related services.
The Beach House uses SCRUMPY, an online website management & booking system to produce our website, keep track of bookings, enquiries, payments and more.
The Beach House is committed to the protection of Personal Data, including data that we use for our own purposes, and that we maintain on behalf of any property owners we may work with.
The Beach House collects information, including Personal Data, for the following purposes:
Your consent to this policy (where requested) is tracked.
This Policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable individual (Data Subject).
The services of The Beach House are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.
The use of our website by an individual classes them as a 'legitimate interest', visiting the site is enough to identify this, data associated with an individual's visit needs to be processed for efficient site operation. Any data collected will be used in a conservative way to help maintain the individual's rights & freedoms.
In the course of providing the website hosting services, SCRUMPY may receive, access, analyse, process and maintain Personal Data on behalf of us.
We determine the types of Personal Data that will be collected and used within SCRUMPY, how it will be used and disclosed, and how long it will be stored. For any questions relating to how your Personal Data is used by SCRUMPY which are not covered in this policy, please contact SCRUMPY directly via email: email@example.com.
SCRUMPY's Usage Information is collected, including information about how you are accessing and using our site. SCRUMPY directly uses information to understand and improve their services and exposes it to us so that we able to do the same for our business. Usage information may also be used to investigate and prevent security issues, abuse and fraud.
We may collect personal data from you through our Website (www.thebeachhouseexmouth.co.uk), social media, over the phone, and other channels for the following purposes:
Responding to your enquiries: When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, address and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future and to improve our customer service and offerings.
Informing you about offerings: We may use your contact information for our own marketing or advertising purposes. We do not sell or rent your Personal Data to third parties. You can opt out of these at any time by following the steps outlined below.
To Understand and Improve our Services and Website Service Usage Information is collected, including information about how you are accessing and using the Service. We use this information to understand and improve our Services, and to investigate and prevent security issues, abuse, fraud.
We collect Personal Data via our online booking form, over the telephone or via other channels to be able to store a record of who has (attempted to, confirmed, cancelled, etc) booked a property we may be or have been advertising.
We use a number of third party tools & services (sub-processors) that Personal Data may be sent to, including:
We have different timeframes on various elements of Personal Data that we hold dependent on its purpose. Once we no longer need to retain your Personal Data, we will make sure that it is deleted or anonymised.
We retain Personal Data provided for bookings indefinitely as these records form important financial evidence for tax purposes. We can at request de-personalise booking data, we may not be able to do this if we still need said Personal Data for tax or other legal purposes.
As a matter of practice, The Beach House does not disclose, trade, rent, sell or otherwise transfer Personal Data, except as set out in this policy.
We may transfer or disclose Personal Data as follows:
We may transfer (or otherwise make available) Personal Data to third parties who process it on our behalf for the purposes noted above. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
As of the date hereof, these third party providers include technical operations such as database monitoring, data storage, hosting services and customer support software tools.
The Beach House may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of The Beach House's assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
The Beach House and the providers we use may share or disclose Personal Data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
The Beach House may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigation and preventing fraud.
In short, the personal data you provide to us can be provided upon access, we protect it to the best of our ability, we can amend it for you upon request and remove it from our systems upon request.
If you have any complaints, concerns or queries about how we manage Personal Data, please contact us by emailing firstname.lastname@example.org. If you are in the European Union you have the right to complain to your local Data Protection Authority about the collection and use of your Personal Data.
If we receive a request from an individual to access or update Personal Data we have collected we will endevour to respond to said request.
If you submit Personal Data via our Website or otherwise provide us with your Personal Data, you may request access, updating or correction and removal of your Personal Data by submitting a request to us via our contact form. We may request certain Personal Data for the purposes of verifying your identity.
The Beach House takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
To learn more about current practices and policies regarding security and confidentiality of Personal Data and other information, please see the Security Practices section; we keep that section updated as these practices evolve over time.
As a business both we and the third parties we trust, follow good security practices to help keep Personal Data secure.
The Beach House uses SCRUMPY, SCRUMPY is hosted on Amazon Web Services. As such, The Beach House inherits the control environment which Amazon maintains. In short web servers and databases run on servers in secure data centers.
SCRUMPY encrypts all customer data input via the website & booking management system both in transit and at rest. Communications between you and SCRUMPY (our website) are encrypted via HTTPS and Transport Layer Security (TLS) industry best-practices.
Access to Personal Data is limited via a user management system controlled within SCRUMPY. We ensure that anyone with access to Personal Data at The Beach House has an awareness of GDPR & good security practices.
In the event of a Personal Data breach we will endevour to notify the relevant legal authorities and inform the effected individuals within 72 hours of identifying said breach. If you believe you have discovered a personal data breach please contact us using the details below immediately.
Please contact us if:
No.4 Foxholes Hill, The Beach House Exmouth, Exmouth, Devon, EX8 2DF United Kingdom