Our address is 13 Pier Street, Plymouth, PL1 3BS.
For the purpose of the General Data Protection Regulations (the GDPR), the Data Controller is The Firs Bed and Breakfast. Our nominated representative for the purpose of the Act and your point of contact for any enquiries or communications about this policy is Lesley Wiblin-Meakin. We have tried to make the Policy as easy to understand as possible, but please do contact us if you have any queries.
Your privacy is important to us
Collection of personal information
Personal information is anything which identifies you personally whether directly (e.g. your name, phone number, email address, postal address) or indirectly (e.g. information about your use of our services).
We may collect and process the following data about you:
Personal information you give us
We may receive this information when you, for example:
- complete any of the forms on our website, e.g. contact forms, application forms, enquiry forms, booking request forms, testimonial forms, newsletter or any other subscription forms, etc.
- use Facebook Messenger or Live Chat on our website
- post any information on our website
- carry out any transaction on our website
- email us, phone us, or contact us in any other way, including via social media
- request a quote / place an order / provide us with information required for invoicing
In addition, we collect the information you give us about changes / updates to your personal information, contact preferences, etc, and when you report a problem with our website. The personally identifiable information could include, but is not restricted to: name, email address, telephone number, postal address, photos for promotional purposes, financial.
Information we collect about you
When you visit our website, we may automatically collect certain information. We use Google Analytics on our website.
This is information about your computer hardware and software, such as:
- your IP address, your login information, browser type, browser version, domain names, access times and time zone settings, browser plug-in types and versions, operating system and platform; referring website addresses.
Information about your visit to our website, such as:
- weblogs, length of visit, pages viewed, time on pages, flow through the website, the products or services you viewed or searched for, page response times, download errors, actions taken on the website (calls, links, downloads etc), page interaction information etc.
We may also collect and process information about you from other sources, e.g. social media if you ask us to connect with your page / account. We may record calls for quality and training purposes.
How we use your personal information
We must have a lawful basis for processing your data – this could be:
- Consent; Contract; Legal obligation; Vital interests; Public Task; Legitimate interests; Special category data; Criminal offence data
We have reviewed the purposes of our processing activities and selected the most appropriate lawful basis or bases for each activity. We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
Personal information is used by us:
- to provide our products and services to our clients in accordance with their order, agreement, contract – legal basis: contract
- to invoice our clients – legal basis: contract
- to notify you about changes to our products or services – legal basis: contract
- to maintain and improve the quality of our products and services for our clients and new clients – legal basis: legitimate interests
- to provide existing clients and others who have given consent to receive newsletters or other marketing communications with relevant information – legal basis: consent
- to provide general statistics regarding the use of our website, in order to improve it in the future – legal basis: legitimate interests.
We will only ever use the information you have provided for the purpose it has been collected for. For example, if you provide us with your email address for a service enquiry, we will not add your email address to a newsletter database for email marketing, without your consent.
If you are an existing client, we use your information to provide you with information on relevant services, products and offers, given your consent. You have the right to ask us to stop contacting you for marketing purposes at any time. We do not sell, rent or lease our customer lists to third parties.
How we will share your data
In some instances we may use third party service providers such as agents, subcontractors and other organisations to help us provide quality, timely products and services to you. Please contact us if you would like further information. All third parties are vetted for quality.
We may use third party software / systems in order to provide our products and services to you, e.g. booking software, quoting software, invoicing software, payment gateways, donation software, email marketing software, etc. Please contact us if you would like further / more specific information on this. We will be very happy to provide it.
Data storage and retention
If you send us an email or complete a form on our website, the information will be stored in our email system. If you enter information onto our website, such as registration / user information, comments / posts, this information will be stored in our WordPress database. If you subscribe to a newsletter on our website, this information will be held in Mailchimp, email marketing software. You may withdraw consent at any point, and we will remove your data. Any website transactional data will be stored in WordPress.
Please note: online bookings via our website are taken using Freetobook third-party software using the Stripe payment gateway.
We retain your data for only as long as we need it to provide our products and services to you, and to fulfill any regulatory obligations. When your personal data is no longer required, we will delete it from our systems.
Our website is protected by an SSL certificate. When installed on a web server, an SSL certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser. (Typically, SSL is used to secure credit card transactions, data transfer and logins.)
We also have security plugins installed on our website carrying out regular monitoring and providing protection e.g. from unauthorised login attempts.
Your rights regarding your personal data
Under the GDPR (General Data Protection Regulation) you have the following rights:
- Right of access – to your personal data – please contact us
- Right of rectification – we are obliged to correct or update your details – please contact us
- Right to erasure – you have the right to ask us to delete your personal data – also known as the “right to be forgotten”
- Right to restrict processing you have the right to request that we restrict or supress the processing of your data – please contact us
- Right to data portability – you have the right to obtain and reuse your personal data for your own purposes – please contact us
- Right to object – you can object to us processing your personal data in some circumstances; you have the absolute right to stop your data being used for direct marketing
- Rights related to automated decision making including profiling – we do not use this
Links to other websites
Published: May 2018