GDPR PRIVACY POLICY

OUR DATA PROTECTION COMMITMENT

We are committed to complying with all data protection laws and want you to feel confident in the measures we are taking to uphold your data privacy rights.

This privacy policy explains how we, Blue Chip Hospitality, collect and use your personal information. In it we explain the types of information we collect, how we collect it, what we use it for and who we may share your personal information with. We also let you know what rights you have over your information.

WHAT INFORMATION MIGHT WE COLLECT ABOUT YOU?

We do our best to keep the information we collect about you to the minimum necessary. The information we collect and store:

Personal details: We store your first and last name, postal address, e-mail address, telephone number and special requests i.e. dietary requirements. Information about your computer (e.g. your IP address and browser type), information about how you use our website (e.g. which pages you have viewed, the time you viewed them, and what you clicked on), information about your mobile device (such as your geographical location).

Payment details: Online payments are process via our payment partner WorldPay. We don’t have access to your payment card details at any time. For  payments made via telephone, your card details are destroyed once payment has been processed.

Event details: Details about your bookings with us, events you have attended.

Special types of data: In some circumstances we may need to collect information from you that is deemed sensitive. For example, we might collect data about your health. Knowing your dietary requirements and any medical conditions you have will ensure that any necessary adjustments are made. Information about your religion (for example if you specify a meal preference that indicates a particular religion, such as a kosher or halal meal). We try to limit any sensitive personal data we collect to the minimum possible. Unless we have a specific lawful reason to use this information, we will ask for your consent to collect it.

HOW DO WE COLLECT YOUR INFORMATION AND WHY?

Depending upon your interactions with us, we might collect information in the following ways:

Direct Interactions: You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone and email or otherwise, this includes personal data you provided when you fill in part of the booking information on our site but do not complete the booking; request information on an event, sign up to receive email updates, participate in any of our competitions, promotions (for example via any social media channels, email or our site), surveys or market research; create an account on our website and enter information onto online forms.

Third parties or publicly available sources

We may receive personal data about you from various third parties as set out below:

  1. b) analytics providers such as Google based outside the EU;
  2. c) advertising networks such as Facebook based inside OR outside the EU; and
  3. d) search information providers such as Google based inside OR outside the EU.

WHAT DO WE USE YOUR INFORMATION FOR?

We will only use your personal information when the law allows us. Most commonly, we will use your personal data in the following circumstances:

Administrative and business purposes

Improving our website and business, including personalising our website and services for you and other customers. This is necessary for our legitimate interest of better understanding our customers’ and potential customers’ preferences and tailoring our website, products and services to their needs, preferences and desires.

Communicating directly with you with information, updates and changes to our website and in response to enquiries we receive from you. This is necessary for our legitimate interests of informing you about changes to our business, website and privacy policy and responding to enquiries we receive from you.

Providing you with offers relating to our products and services which are similar to the products and services which you purchased from us or were in negotiations to purchase from us (provided that you did not opt-out from receiving such communications either at the time or subsequently). This is necessary for our legitimate interest of direct marketing and advertising our products and services.

Protecting our business and our business interests, including for the purposes of credit and background checks, fraud and website misuse prevention and debt recovery. This is necessary for our legitimate interests of preventing criminal activity such as fraud or money laundering, for ensuring that our website and services are not misused. Where we carry out credit and background checks, we will only carry out such checks to the extent that we are permitted or authorised by law to do so and to the minimum extent necessary.

Communicating with our business advisors and legal representatives. This is necessary for our legitimate interests of obtaining legal or professional business advice. In such circumstances, we will only share your personal information where it is necessary to do so, to the minimum extent necessary, subject to appropriate confidentiality restrictions and on an anonymised basis wherever possible.

For internal administrative purposes, including client, customer and employee information. This will be necessary for our legitimate interest of running and managing our business. Where you have purchased goods or services from us or asked us to take certain actions to enter into a contract with you, this will be necessary for us to perform a contract with you or take steps at your request to do so.

Sharing your personal information with third parties, including service providers and data processors, which are either related to or associated with the running of our business, such as our business partners, insurers, accountants, affiliates, associates, suppliers, independent contractors, email providers, IT and web development service providers, . We will share your personal information with these third parties where it is necessary for our legitimate interest of running and managing our business effectively, fulfilling our contractual obligations (e.g. to our insurers) or for our own direct marketing purposes. Where you purchase goods or services from us or request that we take steps to do so, we may also need to share your personal information with such third parties in order to perform a contract which we have entered into with you or to take steps, at your request, to enter into a contract with you. Where we share your personal information with such third parties, we will do so strictly on a need-to-know basis, subject to appropriate confidentiality restrictions, on an anonymised basis as far as possible and only to the extent strictly necessary for any of these purposes.

We use a third party provider, Constant Contact to deliver our e-newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter.

Ensuring physical, network and information security and integrity. This is necessary for our legitimate interest of ensuring that our IT systems and networks are secure and uncompromised, including, for example, preventing malware, viruses, bugs or other harmful code, preventing unauthorised access to our systems, and any form of attack on, or damage to, our IT systems and networks.

In connection with disclosure requests and in the case of a business or share sale or sale or purchase of a business and/or assets, whether actual or potential. This is necessary for our legitimate interests of selling and/or ensuring and promoting the success of our business. Where we share your personal information with a prospective purchaser or seller, we will do so on a strictly need-to-know basis, subject to appropriate confidentiality restrictions, on an anonymised basis as far as possible and only to the extent strictly necessary for any of these purposes.

WHAT ABOUT OUR MARKETING PRACTICES?

When we will get in touch with you

One of the other reasons we sometimes collect your information is so that we can form a view on what we think you may want or need, or what may be of interest to you. With this information we decide which products, services and offers may be relevant for you and what marketing you may be interested in.

We keep you up to date with our latest offers, new events, sales, promotions and competitions

We will only contact you in this way if:

You have signed up to receive marketing communications from us and have not later told us that you don’t want to hear from us.

You have requested information from us or entered a competition or registered for a promotion and provided your details and you have not told us that you do not want to hear from us.

You have made a booking with us and have not told us that you do not want to hear from us.

What if I don’t want to receive marketing?

We never want to send our marketing to someone who isn’t interested in receiving this content. If you have decided that you no longer wish to hear from us, you can unsubscribe from marketing by clicking on the ‘unsubscribe’ link included in all of our e-mails, changing your preferences in your account section or by contacting us.

Third parties and marketing

We do not pass your information to other parties for marketing. Futhermore  we will not transfer your personal information outside of the European Economic Area.

WHEN DO WE SHARE YOUR PERSONAL DATA?

In order to provide you with the services and on the lawful grounds described above, we may share your personal information with event providers who manage your event delivery. We only share lead name, contact number and special requests i.e. dietary requirements to ensure smooth running of your event.

YOUR PERSONAL DATA RIGHTS

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at info@bluechiphospitality.com

You can exercise these rights over your data by contacting us or by checking the applicable boxes on forms where we collect your information or to tell us that you don’t want to participate in marketing. You can also unsubscribe from any marketing circulation lists you are on by scrolling to the bottom of the e-mail and clicking the ‘unsubscribe’ link.

We will comply with your requests, unless we have a lawful reason not to do so. We may need you to provide additional details to confirm your identity in order to process your request.

DATA SECURITY

We take appropriate technical and organisational measures to secure your personal information and to protect it against unauthorised or unlawful use or processing as well as against the accidental loss or destruction of, or damage to, your personal information, including:

Only sharing and providing access to your personal information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;

Using secure servers to store your personal information;

Verifying the identity of any individual who requests access to personal information prior to granting them access to personal information;

Using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt any payment transactions you make on or via our website;
only transferring your personal information via closed system or encrypted data transfers;

Transmission of information (including personal information) over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk. We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.

HOW LONG DO WE KEEP YOUR DATA FOR?

We will only keep your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any legal accounting or reporting requirements. We operate a data retention policy and look to find ways to reduce the amount of information we hold and the length of time we hold it for.

By law we have to keep basic information about booking and our customers for six years for legal claims and tax purposes.

HOW TO CONTACT US

We have appointed a Data Manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Manager using the details set out below.

Data Manager
Blue Chip Hospitality Limited
Hawthorne Cottage
The Ross
Comrie
PH6 2JU

info@bluechiphospitality.com

01764 679496

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

OTHER PRIVACY INFORMATION

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Third-party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Changes to this privacy policy and your duty to inform us of changes

This version was last updated on 21st May 2018.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.