As part of our obligations when processing Personal Data, this Privacy Notice sets out what we do with Personal Data and what you can expect from us.
1. Who are we?
Visit Bolsover is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) (EU) 2016/679. The GDPR will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998.
We believe in protecting the confidentiality and security of information we collect about you. This Privacy Notice is intended to bring to your attention our practices relating to the collection, processing and disclosure of personal information.
We may update this Privacy Notice from time to time.
For the purposes of this Privacy Notice, please note that “personal information” refers to personal information relating directly or indirectly to an identifiable person contactable by Visit Bolsover.
2. Sensitive personal data
The GDPR provides a definition for "sensitive personal data". This relates to information concerning a data subject's racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences.
We will not collect sensitive personal data without your explicit consent (unless we are legally entitled to do so in accordance with the GDPR).
3. What data are collecting?
· We may hold Personal Data (including Sensitive Personal Data) about customers.
· We believe it is important to be open and transparent about how we will use your Personal Data.
Information we may hold includes the following:
Some of the information we collect about you may include your sensitive personal data as defined in the General Data Protection Regulation (GDPR) (please see section 4 below for more details).
4. Why do we collect this information?
· We use this information to communicate with you and to carry out our obligations as a tourist website.
We do not collect or compile personal data for release or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties.
5. How do we collect your personal data?
· We gather data through a variety of methods, these include:
We must have a legal reason to process your personal information. Your information will usually be processed to enable us to contact you and provide information about the services we can provide. In those few cases where your consent is required, this will be communicated to you at the point of collection.
6. Who has access to this data and who do we share it with?
· Only staff of Visit Bolsover who need information to carry out their role have access to that information.
· From time to time, other third parties may be used to facilitate the collection and storage of personal data, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
· If we are under a duty to disclose or share your personal data to regulatory or law enforcement agencies.
7. Your rights
You have the following rights under the General Data Protection Regulation (GDPR):
· As a Data Subject you have rights over your own data that you can exercise at any time, these are:
a) Data is accurate – we must keep your data accurate.
b) Data is rectified - we must correct any errors in your data.
c) Data is erased – we must erase data if not needed or requested by you, that is not excessive and is possible.
d) Data is portable – we must provide a copy of your data back to you.
e) Data processing is limited – we must cease a processing activity if you object to it.
f) Consent withdrawal – we must allow you to withdraw consent at anytime.
g) The obligation to notify relevant third parties. If we have shared information with other people or organisations, and you then ask us to do either (b), (c) or (e) above, as a data controller, we must tell the other person or organisation (unless this is impossible or involves effort that is out of proportion to the matter).
In the event that you wish to contact us to exercise these rights or for any further queries on this Privacy Notice please contact Sarah Taylor or Sarah Smith at firstname.lastname@example.org
8. How will you data be stored and kept security?
We take data security seriously.
This data is securely stored
We cannot guarantee the security of any third-party application you may use to transmit your data (for example, internet browsers).
9. When will we delete this data?
· We may keep information for different periods of time, for different purposes as required by law or best practice.
· When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal, regulatory, and professional obligations.
If you have any further questions about the way we manage your data you contact:
By email: email@example.com
By post: please request details