This document serves as the Varis Holiday House Privacy Notice, for the purposes of the General Data Protection Regulations and seeks to provide information about how Varis Holiday House (referred to as us/we) process information.
1. Who are we?
We are Varis Holiday house, a furnished holiday let business owned and operated by Debra Storr and Gordon Milne, Westmost Cottage, Balmedie House, Balmede AB23 8XU
Our general email address is bookings@VarisHoliday.co.uk
Our named Data Protection Officer is Debra Storr, who can be contacted directly via email.
2. How do I complain about the way my data has been handled?
Please email bookings@VarisHoliday.co.uk where Debra will try to help.
If you are unhappy with either response that we have provided you, you have the legal right to complain to the Information Commissioner’s Office (ICO). Details about how to do this can be found on their website: https://ico.org.uk/concerns/
3. How can I see a copy of my personal data held by you?
To get a copy of your data (known as exercising a Subject Access Request), please email bookings@VarisHoliday.co.uk or write to us at the address in point 1, stating your wishes. We will provide this without undue delay and at the most, within one month.
As this is your legal right under GDPR, there is no charge for this.
We will provide the data in the best format we possibly can, which will be easily readable by you.
4. How do I request data about me is corrected, deleted or restricted from processing?
To ask for your data to be corrected or deleted, please email us (see point 1) and we will ensure your request is dealt with as quickly as possible.
Please be aware, that there is some data that we will not be able to remove, due to legal obligations that we hold (e.g. ecommerce activity is required to be kept for tax and accounting reasons). Should we need to decline your request, we will explain fully and explain your options if you do not agree with our decisions.
If you wish for your data to be suppressed and believe you have the right to do so (to find out more on your rights, visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/), please email us (see point 1) with your request, and we will deal with it along with current legal guidelines, without delay.
5. How do I object to you processing my data?
If you wish to opt-out from marketing from us, you may do so, just email or phone us. and we will take care of your request without delay.
We do not process personal data for statistical or research purposes.
We do not use your data for any automated decision making or profiling.
6. What data do you store, why do you store it, where do you store it, and for how long?
Well, you certainly ask some tough questions, don’t you?! But that’s okay – we’re prepared for it.
6.1 Business data
We keep records of all bookings using an online application known as SuperControl. This helps us record every booking and publish availability and also records payments made which we need for tax and insurance purposes. HMRC requires us to keep 7 years of records.
Those opting to pay via PayPal will also generate a record in our business PayPal account.
Those booking via Holiday Lettings/Trip Advisor will also generate records into those environments.
We may send guests an email seeking feedback and requesting reviews after their stay. It’s entirely up to guests whether they follow the links to the third party review sites we use.
We use a simple customer spreadsheet to track all customer payments and bookings to help our accounting.
We have a Facebook Page and a Twitter account which people may subscribed to. We do not attempt to extract any information from these sources but may occasionally ask for permission for use images you post for our marketing.
6.2 Website Data
What we store
- Web Server logs
- IP Address
- Web Browser User Agent String
- What pages were visited
- Google Analytics
- Website Page Metrics
Why we store it
- Identifying and diagnosing issues with the website and web server
- Identify and resolve potential security risks
- Identify improvements we can make to the website
How long for
- Server logs: Up to 12 months
- Google Analytics: Up to 25 months
What legal right?
- Server logs: Legitimate Interest
- Google Analytics: Not identified as personally identifiable data
What is the legitimate interest?
- We need to ensure that if there is an error on our website, we can be notified of it and resolve it ASAP.
- Security issues must be identified immediately – this can be done via a security log.
- Anyone exploiting a security issue will never give consent for storage of data. It would be counterintuitive!
- Getting consent for storage of data for logging is not practical and is prohibitive.
Do we transmit this data to third parties?
- No personally identifiable data is transmitted. Log files are stored only on the server, and only accessible by the Debra.
Do we transmit the data to another country?
- No personally identifiable data is transmitted outside of the EU.
- Web logs are stored locally on the web server, which is based in on TSOHosts servers in the UK.
If you have any comments, questions or concerns relating to your data, privacy or security at Varis Holiday House, please do email us – we’d rather you asked than worried. You can get in touch with us via bookings@VarisHoliday.co.uk
After reading all that, you deserve a reward. So here’s a dog relaxing.