Country Walks Data Protection Policy
COUNTRY WALKS DATA PROTECTION POLICY
For the purposes of fulfilling enquiries and bookings, we need to record your personal information as necessary. We will not pass on your information to any other party except for when this is required to fulfil your holiday eg with third party accommodation or transport providers. You are able to ask us about the personal information we hold about you at any time. We will ask for your specific consent to store and use your email information for the purposes of emailing you information about our activity and other holidays from time to time. You will be able to withdraw this consent at any time. If you are on our mailing list, you are able to ask for your information to be removed or suppressed at any time.
This policy relates to how Country Walks will protect the right to privacy of our customers by protecting the personal information (data) they give us when enquiring about or buying our walking holidays. Personal data is information capable of identifying an individual. This policy is required to fulfil our obligations under regulatory and legal frameworks including the Data Protection Act 1998.
This policy outlines the responsibilities and liabilities of Country Walks with regard to personal data. This includes both paper and electronic records.
Country Walks will ensure all personal information is treated lawfully and correctly and adheres to the principles of data protection, under the Data Protection Act 1998. The eight principles of the Data Protection Act are as follows:
- Fairly and lawfully processed;
- Processed for limited purposes and not in any manner incompatible with those
- Adequate, relevant and not excessive;
- Not kept for any longer than is necessary;
- Processed in accordance with individuals’ rights;
- Secure; and
- Not transferred to countries without adequate protection.
1.0 Consent to hold personal information
1.1 Consent is not required to hold personal information required to book and fulfil holidays but it is required for any other purpose. We will ask for consent to hold and use email addresses for the purposes of marketing and promotion.
2.0 Holding and recording personal information
Appropriate personal data will be passed on to the relevant suppliers of your arrangements/any third party supplier/any other third party (including banks and/or credit card issuers) who need to know it so that your holiday can be provided. The information may also be provided to government/ public authorities such as customs or immigration if required by them, or as required by law. Certain information may also be passed on to security or credit checking companies. We only provide third parties with the personal data they require in order to deliver their services. Other than in relation to government/public authorities (over whom we have no control), we will take appropriate steps which are intended to ensure that anyone to whom we pass your personal data for any reason agrees to keep it secure, only uses it for the purposes of providing their services and does not collect any personal data from you in the course performing their services. If we cannot pass personal data to the relevant suppliers/third party supplier/any other third party, whether in the EEA or not, we will be unable to fulfil your booking. In making your booking, you consent to personal data being passed on to the relevant parties.
Your personal data may be stored, used and otherwise processed within the UK and/or any other country/countries of the European Economic Area (EEA). EEA countries are all member states of the European Union together with Norway, Iceland and Liechtenstein. We may also store, use or otherwise process personal data outside the EEA. Data protection laws may not be as strong outside the EEA as they are in the EEA. Personal data will not be transferred to a country outside the EEA unless (1) the country to which it is transferred is one which the European Commission considers to provide an adequate level of data protection or (2) the personal data is transferred to a United States company which has signed up to the Safe Harbour scheme or (3) the personal data is transferred to a company which is required by our contract with them only to deal with the data in accordance with our instructions and to maintain appropriate security to protect the personal data which we are satisfied they have or (4) we are obliged to provide the personal data to a government / public authority in order to provide your holiday.
3.0 Requests to destroy personal information
3.1 A customer can request that Country Walks destroys or stops processing their information under Section 10 of the Data Protection Act. Country Walks must send a response to the person within 21 days detailing whether the information will be destroyed or the processing of information stopped.