This website is operated by Cluny Castle. We take the privacy of our visitors very seriously and are committed to protecting and safeguarding your personal data. We urge you to read this policy very carefully as it contains important information about the types of information that is collected and recorded by Cluny Castle and how we use it to ensure that it meets the data protection regulations. This includes information such as:
who we are;
how are why we collect, store, use and share personal information;
your rights in relation to your personal information, and
how to contact us and supervisory authorities in the event that you have a complaint.
Who We Are
Cluny Castle collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulations which apply across the European Union (including the UK) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
If you have any further questions about this Privacy Notice or our data collection practices, please contact us at the address, telephone number or email address listed above. Data Protection Principles
We will comply with the six data protection principles in the GDPR, which say that personal data must be: 1. processed fairly and lawfully and in a transparent manner; 2. collected for specified, explicit and legitimate purposes and processed in accordance with such purposes; 3. adequate, relevant and not excessive for the purpose; 4. accurate; 5. not kept longer than necessary; and 6. processed in a way that protects the integrity and confidentiality of the personal data. 7. accountable
We shall ensure we can show that we have complied with the data protection principles.
Information We Collect
Personal data, or personal information, means any information collected about you as an individual. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
We may collect, store, and use the following categories of personal information about you:
Identity and contact details such as your name, title, address, email address and telephone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
If you are submitting an enquiry form, we may request data that helps us tailor a response to you regarding our services, for example your location or how you heard about us
Usage and technical data about how you use our website including data about your browsing actions and patterns.
Marketing and communications data
The data you provide is all kept in-house on our sales management system and through our email system.
If you confirm an event with Cluny Castle, we may collect payment information from you including credit or debit card information provided to us. If this is the case, any payment information collected is not stored on our internal system. It is destroyed after payment has been taken unless you give us written permission to keep it on file for future payments.
We collect this information when you submit an enquiry form or contact us directly. Without your permission, we will not disclose information about your visits to our website – or any other personal information that you may give us – to any third parties.
We do not collect any special categories of personal data about you (for example, details about your race or ethnicity, religious or philosophical beliefs, political opinions or information about your health).
How We Collect Your Data
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your personal information when corresponding with us by post, phone, email or through meeting us at exhibitions and events.
Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also use analytics services providers such as Google.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
where we need to perform the contract we are about to enter into or have entered into with you;
where we have your consent;
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
where we need to comply with a legal or regulatory obligation.
How We Use Your Data
We use the information we collect in various ways and the purpose for which personal data is processed is as follows:
To understand and analyse how you use our website;
To understand and analyse geographical and demographic information about our enquiries;
To develop new products, services, features, and functionality;
To communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, to book or plan your event and for marketing and promotional purposes;
Any market research we do is kept in-house and is not sold to any third parties;
To communicate with you by email.
Who Has Access To Your Data?
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another lawful basis for doing so.
Your personal information will be shared internally through our sales management system and through our email system.
If you have confirmed an event with us, personal contact information may be shared with third-party suppliers, appointed by you and involved in your event. This is to ensure that both ourselves and the supplier understand how you would like your event to run and to ensure it is executed to the highest standard.
If you have not confirmed an event with us, your information will never be given to a third party.
How Do We Protect Your Data?
Cluny Castle will process your data only in accordance with the GDPR, this Privacy Notice and in adherence to Cluny Caste’s Data Protection Policy and other relevant policies.
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We will only process your personal data for the specific purposes notified to you in this document. Your personal data will only be processed to the extent that it is necessary for the specific purposes notified to you. We will keep the personal data we store about you accurate and up to date. Data that is inaccurate or out of date will be destroyed or updated. Please notify us if your personal details change or you become aware of inaccuracies in the personal data that we hold about you.
We will also use appropriate technical and organisational measures to keep your information secure and protect your rights.
We also have procedures in place to deal with any suspected data security breach. In the event of a data breach which results in high risk to your rights and freedoms, we shall communicate the nature of that breach to you, and any applicable regulator of a suspected security breach where we are legally required to do so, along with the likely consequences of the data breach and details of the measures taken or which we plan to take to address the data breach and to mitigate its consequences.
Indeed, while we will use all reasonable efforts to secure your personal data, in using the site you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us using the details below.
How Long Do We Keep Your Data?
The data we collect will be retained for at least the minimum required statutory period. We will keep your data on file for up to 6 years and this will commence from the date of receipt of the personal data.
Cookies and Other Similar Automated Technologies
When you interact with our online services we obtain certain information using automated technologies, such as cookies, web server logs, web beacons, and other technologies. A “cookie” is a small text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Similar technologies such as “web beacons,” also known as an internet tag, pixel tag, or clear GIF, is a tiny graphic image that may be used in our websites or emails.
We use these automated technologies to collect your device information, internet activity information, and inferences as described above. Some of this information may be aggregated or statistical, which means that we will not be able to identify you individually.
These technologies help us to:
remember your information so you do not have to re-enter it;
track and understand how you use and interact with our online services and emails;
tailor our online services to your preferences;
measure how useful and effective our services and communications are to you; and
otherwise manage and enhance our products and services.
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
Fair processing of information and transparency over how we use your personal information
The right to access - you have the right to request copies of your personal data.
The right to rectification - you have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
The right to erasure - you have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing - you have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing - you have the right to object to our processing of your personal data, under certain conditions.
The right to lodge a complaint to the Information Commissioner’s Office. Should you be unsatisfied, or you believe that your data is not being processed in accordance with the Data Protection Act or the GDPR, you may complain to the Information Commissioner’s Office (ICO). Further information, including contact details can be found on the ICO’s website at https://ico.org.uk/for-the-public/
If you would like to exercise any of these rights detailed above please:
Email, call or write to us
Let us have enough information to identify you
Let us have proof of your identity (a copy of your driving license, passport or a recent credit card/utility bill)
Let us know the information to which your request relates
Changes To This Privacy Notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. If you have any questions about this privacy notice, please let us know using the “Contacting us” details below.
If you have any further questions about this Privacy Notice, our data collection practices, or the information that we hold about you, please contact us at the address, telephone number or email address listed below.