Privacy Policy for Castle Green Bed and Breakfast
Last updated 15th May 2018
This privacy policy explains how Castle Green Bed and Breakfast (‘we’) use any personal information we collect from you.
Information we collect from you
Booking online via our website
When you make a booking online Eviivo collect the names of the guest booking, home address, email address and telephone number. This data is held securely by Enviivo.com (https://www.enviivo.com), who provide our property management system. Eviivo also collect a debit or credit card number to take the deposit/payment for your stay. This data is encrypted and held by World Pay (https://www.worldpay.com/uk/privacy-policy), who provide the payment system. Card details are securely deleted within 72 hours of your departure.
Booking online via Expedia and Booking.com
For Expedia bookings (https://tripadvisor.mediaroom.com/UK-privacy-policy) we receive a Virtual Credit Card (VCC) to take full payment on guest arrival. We also receive VCC from certain booking.com bookings (https://www.booking.com/content/privacy.en-gb.html).
Direct phone booking
Should you make a booking direct with us via telephone you will be asked for a contact telephone number, an email address to confirm booking and your credit/debit card details to take a deposit. The card details are entered direct into world pay terminal and are encrypted. We do not store or retain card details.
Your reviews and emails to us
If you email us direct the email is kept securely for a maximum of up to one year and then securely deleted, unless required by law. If you email us via our website contact form, the contents are entered on a secure page and then encrypted before being sent to us, and a copy sent to the email address you gave us, securely. If you submit a review on our website, we ask for your name and email. This is so we can identify that you have stayed with us. A copy is held on our hosting company’s server We collect, and display reviews, submitted to Google on our website. Please refer to Google Privacy Policy: https://policies.google.com/privacy and Tripadvisor: https://tripadvisor.mediaroom.com/UK-privacy-policy
How we use the information we hold on you
We use your email address to send you confirmation of the booking and other information you may find useful for your stay prior to arrival.
After your stay you will receive an email asking for any feedback. We also provide details of different ways you can leave a review if you choose. If you leave a review, we may display this on our website. However, this is done in an anonymised way.
How is your data stored?
All data you supply us, as part of the booking process, is stored securely on our booking system, Eviivo.com (https://www.eviivo.com/privacy-policy). All card details are stored on World Pay (https://www.worldpay.com/uk/privacy-policy), our PCI compliant payment system. Card details are erased automatically following your stay. Neither we, nor World Pay will share your information with any third party unless there is a legal reason to do so.
If you use our website contact form, a record of your email is stored securely on the website and securely deleted after one year. We also back up our website to an external secure server which will contain a record of emails sent via the contact form. All contact form information and reviews, submitted via our website, are accessible by our website manager. This information is used by the website manger as explained in this policy and is kept confidential and secure.
Guest Registration
For guests not booked in advance we are required by law to collect the information below. We do this by asking you to complete a registration form on arrival.
- Name, address and contact details
- For overseas guests – Name, address, nationality, passport number, address of next destination
Cookies
We collect anonymous tracking information via Google Analytics, Google Webmaster Console and Bing to better understand how visitors use our website. This information is kept for two years. Please refer to our Cookie Policy for further information.
Retaining personal information
We retain personal information about you for the period necessary to fulfil the purposes outlined in this Policy, unless a longer retention period is required or permitted by applicable law.
We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us. When your information is no longer required, we will ensure it is disposed of securely.
Data Security
No data transmission over the Internet can be guaranteed to be secure from intrusion. However, we maintain physical, electronic and procedural safeguards to protect your personal information in accordance with applicable data protection legislative requirements. We have put in places procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach as required by regulations.
Access to your information
You have a right of access to the information we hold on you, as well as the right to request we amend it or delete it, unless prohibited by law. This will be done within 30 days of the request. There is no charge to access, update or delete your information. You can contact us to request this by email: john@castlegreenbandb.co.uk or by post to: John Green, Chalet Bungalow, Butts Drive, Matlock, Derbyshire, DE4 3DJ.