Currently, more and more information is being uploaded and shared across the web. For you to be confident using our services we want you to trust that not only are we providing you with the best deal, we’re also committed to ensuring your privacy is protected
2. Who is thesecretbnb [TSBNB]
We are your data controller for the purposes of the personal data we will collect. Our details are as follows:
thesecretbnb, a sole trader established 2019 of Powick Mills, Old Road, Worcester, Worcestershire, WR2 4BU
If you wish to contact us in relation to this notice, or data protection generally, please contact our Data Protection Officer by email on hello@thesecretbnb or by post using the address above, marked for the attention of the Data Protection Officer.
3. How do we process your data?
We will collect and process your personal data under some, if not all, of the following lawful bases: contractual necessity, our legitimate interests, consent, because it’s necessary for us to comply with a legal obligation, and where the processing is necessary for reasons of substantial public interest
4. Contractual necessity
Contractual necessity is where we collect your personal data because it is necessary for us to provide you with the service for which you registered. Without this data, we wouldn’t be able to provide you with the service.
We need personal data for the following reasons to provide our service to you:
· To provide your details where permissioned by you to in the event of actions requiring third party assistance, like a doctor or locksmith for example
· This may include several types of correspondence either via our website or SMS text message, online messaging, email or phone, for example: non-marketing communications about your payment, daily pet updates, reminders, and any communications in response to a query you have sent us
5. Legitimate interests
Organisations can rely on “legitimate interests” to process personal data where: (a) their reason for processing personal data is a legitimate business interest (e.g. it is not illegal, and it actually receives a benefit from it); (b) the processing is a proportionate way of achieving that interest; and (c) that legitimate business interest is not outweighed by the impact on the individual. We have completed that assessment and are satisfied with it for each of the purposes set out below
You do have a choice as to whether you provide us with your personal information and you have the right to object to us using your data for our legitimate interests, please see “Section 12 – Right to object”. However, if you decline to provide us with certain personal information this will impact the core service we provide to you
We have a legitimate interest in each of the following:
· Sending you emails, texts, social media, photos and updates about services, status and related communications relating to your cat, small pet or premises plus any other services for which you have contracted TSBNB to supply
· Customising our website and search results according to your interests, animals and services required
· Customising the material we send you (e.g. we might send you emails about special offers, or changes in care or timings, and or update you on issues that come to light on our visits
· Targeting online advertising to you on other websites because we believe it is relevant to you. For example, we might ask Google or Facebook to either (a) show you adverts from TSBNB based on your pet ownership or (b) show you adverts based on your visit to our website, e.g. where you have searched and read about a specific service, we might show you an advert for that service
· Improving our products, services and offers by emailing you asking you to complete customer experience reviews, which enable you to leave reviews of how you found the experience of dealing with builtcareers.com
· Monitoring website usage, including website usage statistics and third-party hyperlink click tracking. We use google analytics to do this and we do not have access to the underlying data, only aggregated views of it (e.g. to see how many users visited our website in a certain timeframe, which pages were most popular, and which website visitors came directly or via a search engine or social media source
· Creating Management Information to help us with pricing decisions
· Bringing a legal claim or defend legal claims against us
Where we rely on consent, we will only process your personal data in that way if you have told us we can. Usually this will be by ticking a box or agreeing over the phone. You have the right to withdraw consent at any time (see the section titled “Section 11 – How do you withdraw your consent for us to process your personal data” below)
We only rely on consent to send you communications that relate to your specific reason for registering on thesecretbnb.com
This is where we are required by a law or regulation to process your data to fulfil our legal obligations
We process your personal data to comply with our legal obligations where:
· We are required by any suitably empowered and recognised regulator to analyse customer feedback on the service to enable us to make product improvements
6. What personal data do we collect?
To enable us to process your data for the reasons set out in “Section 3- How we process your data” we collect the following personal data:
· Personal information such as name, email address, postal address, telephone number
. Information you submit when registering - all is kept in encrypted form
· Account, pricing or other adjustments made during the contractual period term
· Your bank details and or credit card information if you choose to not use cash
· Personal information such as name, email address, postal address, telephone number, to be able to notify other third parties according to your preferences and permission given when you registered
· If you register to use our service we may upload your email address to Facebook for the purposes of creating a lookalike audience for marketing. A lookalike audience is where Facebook use an email address to find individuals with similar characteristics who are registered with Facebook – Facebook will then show our ads to these individuals
· Which products or services in which you’ve previously shown an interest
· We also collect website usage data, including:
· Your IP addresses
· The browser you used to access our website
· The website from which you came
· The device used to access our website
· The pages you visit on our website, and
· The hyperlinks to other websites on which you click
· Consent (for marketing relating to special categories of data only)
· Personal information such as name, email address, postal address, telephone number.
7. From where do we obtain your personal data?
We obtain your personal data in the following ways:
· From you via web forms or telephone, for instance when signing up for an account
· Automatic recording, your location through your IP address, your internet service provider and the type of device or browser you are browsing with.
· From the social media accounts, if you connect to our Facebook account pages. Note: the personal data from social media accounts that we have access to is determined by the permissions you give Facebook in your own privacy sessions, ranging from very limited to public.
8. How do we share your personal data?
In general, access to your personal data will be restricted to those who have a need to access it to carry out their duties (for example people providing our service to you, usually the owner Juliet Wallace-Mason or Paul Gardner, also an Enhanced DBS carer) and or those third parties to whom we may have to contact or rely upon in case of emergency or unforeseen circumstance and then only such data as you have permissioned in order for them to facilitate contact or assistance
However, we will also share your personal data with the following external third-parties in some circumstances:
· Fraud prevention agencies or other third parties that assist us in preventing fraud or other forms of risk (anti-money laundering agencies and credit agencies)
· Government authorities such as Her Majesties Revenue Commission (HMRC) or the police, if we are required to do so by law and we regard that request as reasonable
· Our insurers, legal advisers or other third parties who need access to it in the context of managing, investigating or defending claims or complaints
· Potential buyers of all or part of our business and/or their advisors
· Organisations that process your data on our behalf who are not allowed to use your data for any other purpose, for instance our web hosts
· Other companies within our group, for instance where they provide us services
We aim to share only anonymised data or aggregated data wherever possible. We will use secure means to store and share data. We also require third-parties to sign legally binding agreements not to use any information for marketing purposes and not to share this data. This may not be possible in all circumstances, for instance where we are obliged to disclose data to a regulator
9. Do we transfer your data outside of the EEA?
We store your personal data in cloud servers based in the European Economic Area (EEA). In certain limited circumstances, we may export personal data outside of the European Economic Area for processing, and we may use third party service providers who do the same. We only do that if there is a good reason to do it and where either:
· There are adequate safeguards in place (such as the appropriate contractual arrangements with suppliers, or adequacy decisions, depending on the destination country); or
· We are otherwise permitted by data protection law (for instance, where you consent, or such transfer is necessary to provide our service to you)
10. For how long do we keep your information?
If you are a customer, we will keep your personal information for a period of 6 years from your last booking. We need to keep your information for this amount of time as required by law or to defend potential legal claims.
Your bank and card details, if we hold them, will be deleted at the point that you cancel your registration. Email communication that we have had with you will be deleted 6 years after you last use our service and we will keep your personal information until either:
· you ask us not to, or
· you have not used the service for 24 months and you have not responded to the email we send asking whether you still want to be a customer
11. How can you opt out of receiving marketing communications?
If you do not wish to receive further marketing information about our products and services, you can contact us via any channel detailed within “Section 2 – Details”, and we will also include unsubscribe and suspend links within all our marketing emails.
12. How do you withdraw your consent for us to process your personal data?
You have the right to withdraw your consent to how we process your data in circumstances where we are using your data based on consent. The type of processing that this includes is under Section 4, “The Personal Data we collect – Consent”. To withdraw your consent, you can do this on our website in your “My account”, you can also call us on the number listed on the website or you can email our Data Protection Officer at firstname.lastname@example.org
13. How can you object to us processing your personal data based on our legitimate interests?
You have the right to object to other processing based on our legitimate interests, but we might not have to cease processing where you do so if either:
· We can demonstrate legitimate grounds for the processing which override your interests; or
· Where that legitimate interest is the establishment, exercise or defence of legal claims
To object to legitimate interests’ processing, please contact our Data Protection Officer using the details in Section 2 of this notice.
14. What are your rights concerning your personal data?
· You have the right to obtain your personal data from us except in limited circumstances. The first copy will be free of charge, but we reserve the right to charge a small fee for additional requests if they are disproportionate
· You have the right to require us to rectify any inaccurate personal data we hold concerning you
· Considering the purposes of the processing, you may also have the right to have incomplete personal data completed, by means of providing a supplementary statement or otherwise
· You have the right to require us to erase your personal data on certain limited grounds (including where they are no longer necessary for the purpose for which they were collected or where we rely on consent, which you withdraw, and there is no other legal ground for the processing)
· Where we process personal data, either based on consent or contractual necessity, that you provided to us, and we process that personal data by automated means, you have the right to require us to give you your data in a commonly used electronic format
· You have the right to object to our processing of personal data which we process on the grounds of our legitimate interests, as detailed in the paragraph titled “objecting to our legitimate interest processing” above
· You have the right to require us to restrict the processing of your personal data on certain grounds, including where:
· You contest the accuracy of the personal data and want us to restrict processing of your personal data while we verify its accuracy;
· The processing is unlawful, but you request a restriction of the processing rather than erasure;
· We (as controller) no longer need the data for the purposes of the processing, but you have told us you require us to retain that personal data for you to establish, exercise or defend legal claims; or
· You have objected to us processing your personal data on grounds of legitimate interests and want us to restrict processing of your personal data while we consider your objection
15. How can you make a complaint?
If we can’t remedy an issue you have, or you remain unhappy with how we are handling your data, you can lodge a complaint with the Information Commissioner’s Office (ico.org.uk)
The only cookies we use are ‘analytical cookies’. They allow us to count the number of visitors and identify which pages are being viewed, or used, with the sole purpose of analysing data about webpage traffic and to improve our website to tailor it to our customers’ needs. We do not store unencrypted personally identifiable information in the cookies
17. How do we use Google Analytics?
We use Google Analytics to help analyse use of our website. This analytical tool collects standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of our website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of our Website and to compile statistical reports on website activity for our website. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
We will use the analytics tool to track, and to collect, personally identifiable information of visitors to our site. We will associate data gathered from this site with personally identifying information from other sources as part of our use of the Google Analytics tool. Google will not associate your IP address with any other data held by Google. However, we do link an IP address with the identity of a computer user
18. What happens when you click a link to another website?
Our website contains links to third party websites, for example, events and other sports organisers, and links to social media, like Facebook or LinkedIn where provided#