Your privacy is important to us. All data collected through the use of our website site is intended to be used as a means to better serve our current and future customers.
1. Core principles
- We consider user privacy and data protection to be vitally important.
- We adhere to the principles of “privacy-by-design”.
- We will only collect and process data when necessary
- We will never sell, rent or otherwise distribute or make public your personal information
- Our website is not intended for use by children and we do not knowingly collect any data relating to children.
2. Who We are
Eastside Cottages is responsible for the data outlined in the privacy notice. As such, we are considered the “controller” of this data. Our contact details are:
Tigerchick, Westside, Penicuik, Midlothian, EH26 9LW.
Tel: 01968 864662
3. Relevant Legislation
Along with Eastside Cottages’ business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are visiting this website from outside of the EU, please check your own country of residence's specific data protection and user privacy legislation before proceeding to view our website.
4. Personal Data That We Collect
Personal data is any data about an individual by which that person can be identified. In conducting business with you, it will be necessary for us to collect the following data:
- Identity Data - including your first and last name.
- Contact Data - including your address, email address and telephone numbers.
- Financial Data - if you opt to pay us by debit or credit card, it may be necessary for us to collect payment details from you. This data will not be retained in any form.
- Transaction Data - including details about payments between you and us.
5. Other Data That We May Collect
Our site uses Google Analytics (GA) to collect data about user interaction. GA logs data such as rough geographical location, device, internet browser, pages visited on our website and for how long. None of this information personally identifies youto us.
GA also records your computer’s IP address. In some circumstances, if combined with other data, an IP addresses could be used to personally identify you. However, we are not able to use this data to identify you. As an additional precaution, we implement IP anonymisation through GA meaning that we are not able to access IP address data.
We also use Clicky Analytics and Inspectlet within our website. These gathers similar, non-personally identifying data to GA.
We use Cloudflare within our website for security, performance and analytic purposes. Cloudflare and other firewall software used in the service of the website may log your IP address for security purposes. This information is not used to personally identify you.
We consider Google, Clicky, Inspectlet and Cloudflare to be third party data processors (see section 8 below).
6. How We Collect Data
Website contact form
You may submit an enquiry via our contact form. Identity and contact data entered, along with your enquiry details and the time and date that the form is submitted will be sent to [email protected].
To ensure contact form data is transmitted to us both reliably and securely, we use a 3rd party transactional email service: Postmark App. We consider Postmark App to be a third party data processor (see section below).
Telephone / Verbal
You may choose to make an enquiry or provide personal data by telephone or in person.
Further information about these cookies, and how these 3rd party data services process data for us can be found in section 6 below.
Disabling cookies via the preferences on your web browser will prevent the tracking of your visit to our website. You can also delete any cookies that are stored on your computer. Be aware however that some function within the website rely on cookies to operate correctly.
If would like to generally opt-out of your data being used for ad-targeting, you may find the following tool useful: http://optout.aboutads.info/ To find out more about cookies in general, and how to manage and delete them, visit www.allaboutcookies.org.
If you do not wish to accept cookies from our website, please leave this site immediately and delete and block all cookies from this site. Your continued usage of this website will be taken as consent that you accept our usage of cookies.
7. How we use your data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Performance of Contract. This means processing your data where it is necessary for us to fulfil a contract with you or to take steps at your request before entering into such a contract. An example of this would be in replying to to a request for accommodation availability.
- Legitimate Interest. This means the interest of our business in conducting and managing our business to provide the best and most secure service possible. We consider and balance any potential impact on you (positive and negative) and your rights before we process your personal data for legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- Comply with a legal or regulatory obligation. This means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Below is a description of the ways we plan to use your personal data, with the legal basis we rely on to do so. We may process your personal data on more than one legal basis depending on specific circumstances.
Purpose / Activity: To reply to requests for accommodation availability or information
Type of data: Identity / Contact
Lawful basis for processing including basis of legitimate interest: Performance of an existing or potential contract with you
Purpose / Activity: To manage payments / Collect & recover money owed to us
Type of data: Identity / Contact / Transaction / Financial
Lawful basis for processing including basis of legitimate interest: Performance of a contract with you / Necessary for our legitimate interests (eg. to recover debt)
Purpose / Activity: To manage our relationship with you
Type of data: Identity / Contact
Lawful basis for processing including basis of legitimate interest: Performance of Contract / Necessary to comply with a legal obligation
Other Data / Website Analytics
We use the information we gather with Google Analytics, Clicky & Cloudflare to improve our services, website and security, and to gain insight into the viability or success of advertising campaigns. For these purposes, we may examine trends, track users’ movements around the website and gather demographic information about our user base for the purpose of analytics.
8. Who we share data with
We may have to share your personal data with Professional advisers including lawyers, bankers, auditors and insurers who provide banking, legal, insurance and accounting services
HM Revenue & Customs, regulators and other based in the United Kingdom who require reporting of processing activities in certain circumstances.
We require all 3rd parties to respect the security of personal data and treat it in accordance with the law.
3rd Party Processors
We share data with several 3rd parties for the purposes of processing data (in some instances personal data) on our behalf. These 3rd parties have been carefully chosen and comply with the legislation set out in section 3. Among these 3rd party providers are social media and analytics service providers. If you do not consent to your data being shared with these data processors, please do not use our website.
9. Data storage
Website & Email
No personal data is stored or displayed by this website.
Data provided to us for the purposes making an enquiry, either via email or website contact form, are stored as emails within a secure IMAP email account provided by a GDPR compliant third party. Emails are then securely synced to our internal computer systems. This data is password protected and TLS encryption is used in its transfer.
Physical Data Storage
If paper copies of personal data or communications containing personal data are made, they will be kept in secure filing systems.
3rd Party Processor Data Storage
Where data is stored by 3rd party data processors, it is done so on our understanding that storage is secure and compliant with all relevant legislation. This is an important consideration for us when selecting 3rd Party data processor partners.
10. Data Security
We use appropriate security measures to prevent personal data from being lost, used or accessed in an unauthorised way.
We limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. Data Retention
We only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the nature, and sensitivity of the data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we gathered the personal data and any applicable legal requirements.
12. Your legal rights
Unless subject to an exemption under the data protection laws, you have rights with respect to your personal data. You may find out more about these rights and how to exercise them here: https://ico.org.uk/your-data-matters/
If you do wish to exercise any of your legal rights, please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.