This privacy notice sets out how we collect and process any personal information we collect about you when you use our website www.edinburghtourguide.com
Edinburgh Tour Guide takes its responsibilities for your personal data security very seriously and this policy is designed to comply with UK data protection legislation.
By providing us with data, you warrant to us that you are over 13 years of age.
Edinburgh Tour Guide is a data controller.
Our full contact details are Edinburgh Tour Guide, 6c Westmill Haugh, Lasswade, Midlothian EH18 1BF e: [email protected]
The new General Data Protection Regulation 2018 clearly states that the personal data we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely
We are accountable for these principles and must be able to show that we are compliant.
When we provide you with a service we will ask you for your contact details (name, billing address, email address & telephone number). We use this information to process your order, to provide post-sales support and for sales analysis purposes. The legal bases we use to process your data in this way are: contract (in order to fulfil our contract with you) and legitimate interest (in understanding and running our business). In this instance the information will be collected directly from you or from a representative acting on your behalf.
We capture information about how our visitors interact with our website and use this data with a 3rd party service, Google Analytics. This data is captured, aggregated and made available to us via the Google Analytics tools.
We use Google Analytics to help us better understand what content and products visitors want. We do not use analytics data to track or identify individuals.
What’s a cookie?
A “cookie” is a piece of information that is stored on your computer’s hard drive and which records how you move your way around a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.
Cookies are used by nearly all websites and do not harm your system.
If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. You can block cookies at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Cookies are either:
- Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page, but they do not collect any personal data from your computer; or
- Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. We use persistent cookies for Google Analytics.
Cookies can also be categorised as follows:
- Strictly necessary cookies: These cookies are essential to enable you to use the website effectively, such as when buying a product and / or service, and therefore cannot be turned off. Without these cookies, the services available to you on our website cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
- Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular.
- Functionality cookies: These cookies allow our website to remember choices you make and provide enhanced features. For instance, we may be able to provide you with news or updates relevant to the services you use. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymised.
We will use/process your information for the following purposes only:
- To provide a service that you have requested us to undertake on your behalf.
- To carry out the contract we have entered into.
- To send you specific marketing information on the grounds of legitimate interest. Please note that you can unsubscribe from our marketing list at any point by clicking ‘unsubscribe’ on the bottom of any email that we send.
Your personal data is stored on a password protected database. The information is only accessed by 3 members of staff on computer systems that are password protected. Paper copies of your personal data may be kept for the purposes of accounting and we may have a legal obligation to provide it to a legal authority such as HMRC. All paper files are stored in a locked filing cabinet.
We partner with several companies worldwide and from time to time may have to disclose your personal information to complete a booking or service. Information shared with third parties will be limited only to that which is deemed necessary to complete the booking or service you have requested. All third parties will be required to afford your data the appropriate level of confidentiality and to use it in accordance with the law and our polices.
We have put in place appropriate security measures to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those agents, contractors and other third parties who have a business need to know such data. They will only process your personal on our instructions and they are subject to a duty of confidentiality.
Some of our partners are not based in the EEA. Countries outside the EEA do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Please email us at [email protected] if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
By law we must keep basic information about our customers for 6 years after the cease to being customers for tax purposes.
These are your rights, provided by GDPR, in relation to your personal data:
- Right to be informed – we need to tell you various things about us and our data processing activities.
- Right to access – you have a right to ask if we hold personal data about you and, if so, you have a right to access that data and to know how it’s used.
- Right to rectification – you have a right to have your personal data updated if it is not correct or completed if it is incomplete.
- Right to erasure (the ‘right to be forgotten’) – you have a right to have your personal data removed from our systems.
- Right to restrict processing – you have a right to restrict our processing of your personal data.
- Right to data portability – you have a right to be provided with a copy of your personal data in machine-readable electronic format.
- Right to object – you have a right to object to processing of your personal data in certain circumstances.
- Right to object to automated processing – you have a right to object to decisions based on automated processing (including profiling).
Most of your rights contain exceptions and conditions that affect how and when they apply. You can find more information about individual rights at the ICO website. If you wish to exercise any of these rights or have questions about our use of your personal data, then please contact [email protected]
Finally, you also have the right to lodge a formal complaint to the relevant supervisory authority (the ICO) if you think we’ve breached your rights. We would be grateful if you contact us in the first instance, if you do have a complaint, so that we can try to resolve it for you.
This privacy notice does not cover other websites that we link to from our site.
Any changes to our privacy notice will be published here and announced on our website. This policy was last reviewed and updated on 30th May 2018.