This privacy statement describes the use Bridge of Orchy Hotel (‘We”/”us”) make of information relating to users of this site. Bridge of Orchy Hotel are data controllers under data protection law. References to “you” or “your” means the user of this website. This privacy statement forms part of our website terms and conditions. This privacy statement relates to information which identifies particular individual users. Additional terms & conditions regarding the collection and use of information may also be provided to guests staying in our hotel.
What information is collected?
User-supplied information: when you register with us, we may ask you for your name, e-mail address, and other similar information. Any information supplied by the user is supplied with your consent unless otherwise stated. We will only use this information to assist you booking and staying at our hotel as well as to notify you of offers and availability. If we are to use your information for other purposes then we will state at the time of requesting your information the purpose for which we are asking for your information and the way it will be used.
How and when information is used:
We may use information described in different ways, for example:
- To market to users and/or permit third parties to do so, where the user has given their consent by opting in to receive marketing information and for it to be shared with selected third parties. Marketing may be via post, phone, email, SMS, automated phone call or other electronic means, according to the user’s opt-in selections.
- To provide services that users have requested;
- For system administration and to monitor website use; and otherwise as reasonably required to operate our business or as required by law.
How we protect user information:
We endeavour to protect users’ information in accordance with applicable law, but we cannot ensure the security of any information a user transmits to us. Users transmit such information at their own risk. Security breaches involving personal data which is likely to cause a risk to the rights and freedoms of an individual will be reported to the Information Commissioner’s Office no later than 72 hours after the breach is identified, where feasible. Justification for the delay will be provided for any report not made within 72 hours. Individuals affected by a breach will be notified without undue delay, if the breach poses a high risk to the rights and freedoms of the individual. Security breaches unlikely to result in a risk for the rights and freedoms of data subjects may not be reported.
Who has access to the information:
We may disclose personal information for the above purposes where we have a legal obligation to do so or there is a legitimate interest in processing the information. We may share user information with third parties’ business parties and service suppliers for the above purposes and where it will assist your stay with us or you have asked us to do so.
How to correct inaccuracies:
You can request access to or correction of information held by us by emailing firstname.lastname@example.org or by writing to us at the hotel.
Under data protection law, you have the right to access the personal information that we are processing which identifies you. You are also entitled to request information which we are processing about you through automated means to be transferred to you or a third party. You are also entitled, in certain circumstances, to request that we stop processing information we hold on you, to object to any processing that we are undertaking on your information or to have the data erased.
a) You have the right to request access to your personal data and know more specifically, why and how we hold it.
b) You have the right to rectification of inaccurate personal data, and we will ensure that inaccurate or incomplete data is erased, amended or rectified.
c) You have the right to have your personal data erased if: i. the data is no longer needed for its original purpose and no new lawful purpose exists; ii. the lawful basis for the processing is your consent, you withdraw that consent, and no other lawful ground exists; iii. you exercise the right to object, and we have no overriding grounds for continuing the processing; iv. the data has been processed unlawfully; or v. erasure is necessary for compliance with EU law or specified British law.
d) We have the right to decline your request for erasure of personal data to the extent that data processing is necessary: i. for exercising the right of freedom of expression and information; ii. for compliance with a legal obligation which requires processing by EU or British law to which we are subject, or for the performance of a task carried out in the public interest, like public health, archiving and scientific, historical research or statistical purposes; or iii. for the establishment of, exercise of or defence against legal claims.
e) You have the right to restrict the processing of your personal data if: i. the accuracy of the data is contested (and only for as long as it takes to verify that accuracy); ii. the processing is unlawful, and you request restriction (as opposed to exercising the right to erasure); iii. We no longer need the data for their original purpose, but the data is still required by us to establish, exercise or defend legal rights; or iv. verification of overriding grounds is pending in the context of an erasure request.
f) You have the right to receive your own personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit the data to another data controller without hindrance from us unless this is technically unfeasible.
g) Whenever we justify in writing to you via privacy notice that the data processing we carry out of your personal data is on the basis of its legitimate interests, you can object to such processing. As a consequence, we would no longer be allowed to process your personal data unless we can demonstrate compelling, legitimate grounds for the processing. These grounds must be sufficiently compelling to override your interests, rights and freedoms, such as to establish, exercise or defend against legal claims.
Should you wish to exercise any of your rights under data protection law, please email email@example.com. If you have any issues about the way in which we are using your information, please email firstname.lastname@example.org and we will be able to consider the matter for you. Should you be dissatisfied with our response, you have the right to raise your concerns with the Information Commissioner’s Office.
This site is created and controlled by ORRMAC (NO:500) LIMITED (Co. No, SC134373) whose registered office is at 1 Rutland Court, Edinburgh EH3 8EY and is subject to Scots Law and the jurisdiction of the Scottish courts. We reserve the right to make changes to the site and this privacy statement from time to time. By using the site or supplying information to us, you are agreeing and consenting to the use of information relating to you as described in this privacy statement.