Due to the General Data Protection Regulation becoming effective on 25th May 2018, we will make sure that:
- We are lawful, fair and transparent in the way that data is processed
- Personal data is used for a specific purpose
- We only record the data that is required
- Have a duty to keep the data accurate
- Data is only kept for as long as is required
- All data is stored securely
This Privacy Notice will detail how we comply with the above principles as well as your rights as the data owner.
What data do we collect?
Personal data refers to any data that can be used to identify a natural person and we only process personal information that is required for us to carry out our business dealings for the customer. To ensure smooth business running, we hold a small amount of customer information. This information will be held identifying contact individuals, including but not limited to:
- Contact name
- Contact number
- Email address
Bank details or other preferred method for payment to compensate services rendered for a reasonable time after the transaction. This may include but is not limited to; invoices, contracts and emails regarding details of services used by Sedulo.
How do we collect your data?
The data we hold is legitimately gained through the contact form. The customer holds the responsibility to ensure accurate and relevant information is given with full consent of the individual or company or through a 3rd party. For any 3rd parties that we use to gather information (such as lead generation) we ensure to only use GDPR compliant companies and will not hold any data that has not been scrutinised as such.
What is our Legal Basis for Processing your data?
We hope you will agree that we have your best interests at heart when you provide your data and we will ensure your data is kept safe. GDPR states that we are required to let you know under which legal basis your data is processed. We are using Legitimate Interest as our legal basis for processing.
Legitimate Interest – Article 6(1)(f) details:
“processing is necessary for the purpose of the legitimate interest pursued by the controller or by the third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”
We want to make sure that we provide you with the best possible service so we hold data on you and contacts within your business that we may need to speak to. In addition, we also log details of conversations, emails sent and received, meetings and other business communication.
In order to ensure prompt payment for services you have provided we will need to hold certain information on you and your business so that payments can be made within the required timescales.
For all the above we feel this data is necessary for our legitimate interest as Financial Services Business to provide a comprehensive service to our clients and employees.
Why do we collect your data?
Our core business activity is to provide clients travel and leisure services. To accomplish this, we gather personal information to assist with customer enquiries freely given by the contact.
How do we use your data?
In order to provide the best service to customers, your data may be used in one or more of the following ways:
Storing and updating your information on our customer system so that we can contact you in relation to travel and leisure activities.
Make contact in relation to travel and leisure information, either by email or telephone.
Marketing information about events, offers and promotions we are holding that may be of interest to you.
Marketing information in relation to the services we can provide.
Keeping records of conversations, emails and meetings to refer to if needed in relation to any dispute.
For some of the above activities your consent is required.
Who do we share your data with?
In some circumstances we may need to share you details with a 3rd party for us to be able to provide you with our services. This would include:
Vehicle hire companies
How do we safeguard your data?
Your data is of the upmost importance to us and as such we ensure all relevant security is in place to keep your data safe and protected from any potential threats.
However, if you think we have not taken care of your data or if it has been misused, our contact information can be found at the end of this document
How long do we keep your data for?
We retain your information as long as the information is required and pertinent. This would either fall under our legitimate business interest of an on-going business relationship or for legal obligations.
GDPR provides the following rights;
The Right to be Informed – you have the right to be informed about the collection and use of your personal data and you must be provided with certain information including; the purpose for processing your personal data, our retention periods for the data and who it will be shared with.
All this information is provided by means of this Privacy Notice.
The Right of Access – you have the right to access your personal data and any supplementary information. This is known as a Data Subject Access Request (DSAR) and when received by our designated Data Controller, we are legally required to provide this information within one month. This information will be provided free of charge unless we feel the request is manifestly unfounded or excessive, particularly if it is repetitive. A fee may also be charged if further copies of the same information are requested.
The Right to Rectification – you have the right to have any inaccurate personal data rectified if incomplete or incorrect. You can request this to be done verbally or in writing and we have one calendar month to respond once this has been passed to the designated Data Controller. There is no fee attached to this request however, if we feel the request is manifestly unfounded or excessive, particularly if it is repetitive – we can charge a fee or refuse the request. If either of these apply, we will provide you with our reasons for such action.
The Right to Erasure (this is also known as the right to be forgotten) – you have the right to have your personal data erased if:
- The data is no longer necessary for the reason it was originally collected or processed.
- Your data has been processed for legitimate interest and you object to the processing of your data and we cannot provide an overriding legitimate interest to continue processing.
- The data has been processed unlawfully (in breach of GDPR).
- Data must be erased to comply with a legal obligation.
If we process your data for one of the following reasons, the right to erasure does not apply:
- To exercise the right of freedom of expression and information.
- To comply with a legal obligation.
- For the performance of a task carried out in the public interest.
- For archiving purposes in the public interest, scientific research, historic research or statistical purposes.
- In the defence of a claim.
The Right to Restrict Processing – you have the right to restrict the processing of your data in certain circumstances. When processing is restricted we may store enough information to ensure future restriction is respected. We will stop processing data if:
- You do not agree with the accuracy of your personal data.
- The data has been unlawfully processed.
- To establish or defend a legal claim.
- You object to our legal ground for processing your data.
We can only continue to process your data when the above has been resolved and we will inform you before any restriction is lifted. If your data is restricted it can only be retained if:
- You give your consent to processing.
- It is in defence of a legal claim.
- It is for the protection of another person.
- It is for reasons of important public interest.
The Right to Data Portability – you have the right to transfer your details across different services. This right only applies if:
- Data that has been provided to a controller by an individual.
- Processing is based on consent or for the performance of a contract.
- Processing is carried out by automated means.
When we receive a portability request we must respond within one month of the Data Controller being notified and no fee is applicable. We must provide the information in a structured, commonly used and machine-readable form.
The Right to Object – you can object to the processing of your data when it is processed under one of the following reasons:
- Our legitimate interest.
- Performance of a task in the public interest/exercise of official authority.
- Direct marketing.
- Processing for scientific/historical research or statistical purposes.
Within 1 month of notification of this request, we must stop processing your data unless:
- We can demonstrate compelling legitimate grounds for processing which override your interest.
- It is being processed for the establishment, exercise or defence of a legal claim.
If your objection relates to direct marketing we will ensure your details are either removed or adjusted, in line with your request as promptly as possible. This process can be started by either clicking “unsubscribe” on the marketing email or emailing email@example.com.
If your data has been shared with a third party and you request one of your “rights” listed above we will notify them and act upon the requirements of your request unless this is not possible or involves disproportionate effect.
As a business, and to comply with Article 6 of GDPR, we have agreed that the legal basis for processing your data will be (depending on your relationship with us) either “Legitimate Interest” or “Contract”. As well as complying to the GDPR in relation to direct marketing we must comply by The Privacy and Electronic Communications Regulations (PECR).
However, in certain circumstances we are required to have your consent to perform certain activities. This consent can be given in the form of an opt-in or soft opt-in option.
We must ensure your consent is; freely given, you understand what you are consenting to and are able to opt-out by unsubscribing at any time.
If you require further information about Swan Parties LTD, please contact us here.
Alternatively, you can write to us FAO: Company Directors,
Swan Parties LTD