Terms and Conditions
Terms and Conditions
Please be forewarned that it is possible to catch computer viruses by accessing a web page or by downloading or running an infected program. Whilst Highlea has taken steps to ensure that the pages on this web site are free from infection, such is the nature of the Internet that no assurance can be given that the pages of this web site are indeed free from infection. It is a condition of us allowing you free access that Highlea will not be liable for any loss or damage suffered by any person accessing this web site or any third party resulting directly from the transmission of a computer virus resulting from the accessing of this web site.
Please note that the information available on this web site may be incomplete, out of date or incorrect. It is therefore essential that you verify all such information with us before taking any action in reliance upon it. It is a condition of us allowing you free access to the material on this web site that you accept that we will not be liable for any action you take in reliance on the information on this web site.
The contents of the pages on this web site are copyright Highlea. The copying or incorporation into any other work or part or all of the material available on this web site in any form is prohibited save that you may: download extracts of the material on the site for your personal use; or: copy the material on the site for the purpose of sending to individual third parties for their personal information provided that you acknowledge us as the source of the material and that you inform the third party that these conditions apply to them and that they must comply with them.
Last updated: Sunday, May 20, 2018 12:00 AM
Some key terms are defined as follows, and throughout this document:
- Highlea ("Highlea", "www.bandb-highlea.co.uk", "we", "us", or "our") is the company that collects and processes Personal Data for the purposes described in this Policy.
- SCRUMPY Ltd ("SCRUMPY") is the company that we use for hosting our website, booking system & CRM (+ other functionality).
- Our Services are detailed in the 'About Highlea' section.
- Personal Data is any information relating to an identified or identifiable natural person ("Data Subject")
The way in which we store data, process data and run our business is done in a GDPR compliant manner. Upon request we can provide details of data flow, a data inventory, a data breach policy, an employee dismissal log, details on the employee security training we have in place and more. Please follow the instructions in the contact section below to request any information not present in this policy.
In short, we only gather Personal Data we need, we only keep it for as long as is needed, we only use it for what we state below, you can request to correct/edit/remove it, we store it securely, we do not pass it to third parties unless otherwise stated and we aim to be transparent with how we use Personal Data.
Highlea uses SCRUMPY, an online website management & booking system to produce our website, keep track of bookings, enquiries, payments and more.
Highlea is committed to the protection of Personal Data, including data that we use for our own purposes, and that we maintain on behalf of any property owners we may work with.
Collection and Use of Personal Data
Highlea collects information, including Personal Data, for the following purposes:
- Improving our website's content and user experience
- Internal business purposes
Your consent to this policy (where requested) is tracked.
This Policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable individual (Data Subject).
The services of Highlea are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.
The use of our website by an individual classes them as a 'legitimate interest', visiting the site is enough to identify this, data associated with an individual's visit needs to be processed for efficient site operation. Any data collected will be used in a conservative way to help maintain the individual's rights & freedoms.
Improving our website's content and user experience
In the course of providing the website hosting services, SCRUMPY may receive, access, analyse, process and maintain Personal Data on behalf of us.
We determine the types of Personal Data that will be collected and used within SCRUMPY, how it will be used and disclosed, and how long it will be stored. For any questions relating to how your Personal Data is used by SCRUMPY which are not covered in this policy, please contact SCRUMPY directly via email: firstname.lastname@example.org.
SCRUMPY's Usage Information is collected, including information about how you are accessing and using our site. SCRUMPY directly uses information to understand and improve their services and exposes it to us so that we able to do the same for our business. Usage information may also be used to investigate and prevent security issues, abuse and fraud.
Internal Business Purposes
We may collect personal data from you through our Website (www.bandb-highlea.co.uk), social media, over the phone, and other channels for the following purposes:
Responding to your enquiries: When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, address and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future and to improve our customer service and offerings.
Informing you about offerings: We may use your contact information for our own marketing or advertising purposes. We do not sell or rent your Personal Data to third parties. You can opt out of these at any time by following the steps outlined below.
To Understand and Improve our Services and Website Service Usage Information is collected, including information about how you are accessing and using the Service. We use this information to understand and improve our Services, and to investigate and prevent security issues, abuse, fraud.
Third Party Links
Third Party Tools/Services
We use a number of third party tools & services (sub-processors) that Personal Data may be sent to, including:
- Google Analytics: To help us gain an insight into the performance and usage of our website.
- FullStory: To help improve the user experience of our website by recording a sample of user sessions.
We have different timeframes on various elements of Personal Data that we hold dependent on its purpose. Once we no longer need to retain your Personal Data, we will make sure that it is deleted or anonymised.
Disclosure of your Personal Data
As a matter of practice, Highlea does not disclose, trade, rent, sell or otherwise transfer Personal Data, except as set out in this policy.
We may transfer or disclose Personal Data as follows:
Service Provider Arrangements
We may transfer (or otherwise make available) Personal Data to third parties who process it on our behalf for the purposes noted above. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
As of the date hereof, these third party providers include technical operations such as database monitoring, data storage, hosting services and customer support software tools.
Changes to our Business Structure
Highlea may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of Highlea's assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
Compliance with Laws
Highlea and the providers we use may share or disclose Personal Data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
Enforcing Our Rights, Preventing Fraud, and Safety
Highlea may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigation and preventing fraud.
In short, the personal data you provide to us can be provided upon access, we protect it to the best of our ability, we can amend it for you upon request and remove it from our systems upon request.
If you have any complaints, concerns or queries about how we manage Personal Data, please contact us by emailing email@example.com. If you are in the European Union you have the right to complain to your local Data Protection Authority about the collection and use of your Personal Data.
Access and Correction of Personal Data
If we receive a request from an individual to access or update Personal Data we have collected we will endevour to respond to said request.
If you submit Personal Data via our Website or otherwise provide us with your Personal Data, you may request access, updating or correction and removal of your Personal Data by submitting a request to us via our contact form. We may request certain Personal Data for the purposes of verifying your identity.
How We Protect Personal Data
Highlea takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
To learn more about current practices and policies regarding security and confidentiality of Personal Data and other information, please see the Security Practices section; we keep that section updated as these practices evolve over time.
As a business both we and the third parties we trust, follow good security practices to help keep Personal Data secure.
Highlea uses SCRUMPY, SCRUMPY is hosted on Amazon Web Services. As such, Highlea inherits the control environment which Amazon maintains. In short web servers and databases run on servers in secure data centers.
SCRUMPY encrypts all customer data input via the website & booking management system both in transit and at rest. Communications between you and SCRUMPY (our website) are encrypted via HTTPS and Transport Layer Security (TLS) industry best-practices.
Access to Personal Data is limited via a user management system controlled within SCRUMPY. We ensure that anyone with access to Personal Data at Highlea has an awareness of GDPR & good security practices.
In the event of a Personal Data breach we will endevour to notify the relevant legal authorities and inform the effected individuals within 72 hours of identifying said breach. If you believe you have discovered a personal data breach please contact us using the details below immediately.
Please contact us if:
- you wish to access, remove, update, and/or correct inaccuracies in your Personal Data; or
- you otherwise have a question or complaint about the manner in which we or our service providers treat your Personal Data.
Highlea, Haythorne, Horton, Wimborne, Dorset, BH21 7JG United Kingdom
Registered Office: Highlea, Haythorne, Horton, Wimborne, Dorset, BH21 7JG United Kingdom