1) Who are Santon Highlands Limited and What do we do?
Santon Highlands Limited is a company registered in Scotland under Company Registration No. SC188974 and having its registered office at 50 Lothian Road, Festival Square, Edinburgh EH3 9WJ. Santon Highlands Limited’s main office is at Santon House, 53-55 Uxbridge Road, Ealing, London W5 5SA.
Santon Highlands Limited rents out self-catering accommodation at The Highland Club, St. Benedict’s Abbey, Fort Augustus, Inverness-shire PH32 4BJ, such accommodation being advertised either wholly or in part on its website (www.thehighlandclub.co.uk) (“the Highland Club Website”).
The Highland Club Website is a website operated by us, which includes a communications facility or a booking service (“Booking Service”) operated by Eviivo Limited, a company registered in England and Wales under Company Number : 05002392 and having its registered offices at 154 Pentonville Road, London, N1 9JE.
Eviivo operates the www.toprooms.com and www.eviivo.com websites and the Booking Service, which includes the processing of online payments for bookings made via the Booking Service.
Please note that we are not responsible for the privacy policies of those third parties or the operators of the sites that offer our Booking Service, and we will not be liable for those third parties’ data protection policies and practices.
3) What personal information do we collect?
i) You may provide us with your personal information where you enter your personal information via the Highland Club Website, engage with us in respect of our Services, or correspond with us by phone, email or otherwise.
ii) Depending on the Services or information you request from us, we may ask you to provide the following personal information:
(a) name, date of birth, address, email address, telephone number and other contact details;
(b) bank account details or other payment or financial information;
(c) information about your personal circumstances including employment, business interests, property or other assets, or other information about you which we require to provide you with particular aspects of our Services.
iii) We may keep a record of any correspondence you have with us, including certain telephone calls which we may be legally required to record (but we will inform you at the beginning of the telephone conversation if recording will be necessary).
iv) With regard to each of your visits to the Highland Club Website we may automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
v) We may obtain data from you either by you inputting your personal details, by the automatic collection of information about you as you use the Highland Club Website, when we speak to you, or from third parties or websites. Third party information may include financial information from our payment processor partners that we use to update our records and to prevent and detect fraud, information from your mobile provider if you are accessing the Highland Club Website over a mobile device or information from a third party such as a social media or travel opinions site.
vi) We may collect personal information from you on your providing an accommodation review or a review of our Services.
vii) We may also collect information via a third party which may be an accommodation provider that you selected via the Booking Service, or a third party operating the website which made the Booking Service available to you (e.g. an online travel website, or regional/local tourism organisation).
viii) We may receive information about you from a third party source in connection with our Services.
ix) If you are an accommodation provider or business partner concerned with the protection of your personal data, we recommend that you use a separate business email, business address, business phone line and business bank account rather than use your personal data.
x) We may also gather information from cookies, web beacons or similar technologies from the internet. You can find out more about how we do that in the relevant section of this policy below and in our Cookies Policy. We use publicly accessible information to verify information we are provided with and to manage and expand Santon Highlands Limited’s business. We may also collect IP addresses, mobile device identifier details, your location, navigation and click-stream data, the time of accessing the website, properties you viewed, what you searched for, the duration of your visit, and other details of your activity on the internet.
xi) If you make or use social media features either on the Highland Club Website or via Santon Highlands Limited’s/The Highland Club’s social media pages, the social media provider may send us information in line with their policies. That information may include personal information such as your name, profile picture, gender, friend lists and any other information you have chosen to make available. Please note that, if you have friends using social media who are using the Highland Club Website or Santon Highlands Limited’s/The Highland Club’s social media pages, they may also have shared information about you with us through the social media platform. If you wish to prevent that sharing, you can do so by editing the settings/preferences in your account with the relevant social media providers
xii) We may, from time to time, receive information about you from other companies in The Santon Group, or from publically available sources. We may use this information in connection with our marketing activities (subject to section 11 below).
4) Why do we collect your information?
The data will be used, unless you tell us otherwise, for a valid lawful basis for processing together with a full range of business engagement activities by Santon Highlands Limited as well as ensuring compliance with legal regulations. Personal data requested by Santon Highlands Limited will be collected, used and retained only to the extent that it is reasonably required to do so to conduct our business effectively.
5) How we use your personal information?
i) We will use the information we hold about you for the following purposes:-
(a) We will use and process your personal information where we have supplied you (or continue to supply you) with Services, where we have arranged for the supply of another company’s services to you, or where you are in discussions with us about any new service. We will use this information in connection with our contract with you for the supply of those services, (or when it is needed to enter into the contract) and so that we can communicate with you in relation to those services (including notifying you of any changes to our Services).
(b) We may use and process your personal information where you have consented for us to do so in connection with our marketing activities (see section 11 below).
(c) You may withdraw your consent for us to use your information in this way at any time. Please see section 9 for further details.
(d) We may use, store and share your information where we are under a legal obligation to do so. This may include use of your information:-
(1) to verify your identity;
(2) in connection with any legal obligation on us to report any fraud or other criminal activity.
ii) We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:-
(a) analysis to inform our marketing strategy;
(b) we may undertake market research or ask third parties to undertake market research on our behalf and collect information in that way;
(iii) We may collect information via a third party which may be an accommodation provider that you have selected through the Booking Service:-
(a) for the detection and prevention of fraud and other criminal activities;
(b) to verify the accuracy of data that we hold about you;
(c) network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
(d) to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
(e) assess and improve our service and management of queries and complaints.
6) Who we share personal information with?
We will only disclose your personal information in accordance with applicable laws and regulations. We may disclose your information to the following third parties:-
i) any person with legal or regulatory power over us (such as HMRC, the police or the National Crime Agency or the Serious Fraud Office that may require disclosure on legal grounds);
ii) service providers engaged by us to help us run our business and perform the Services. Such service providers may include, for example, cloud or archive storage providers (engaged by us to provide electronic or physical storage facilities for our business data and your information) or providers of software or other IT resources or payment processors;
iii) we may from time to time use third party e-mail servers to send and track receipt of communications and analyse the pattern of such communications for trust and security purposes as well as to gather data, such as enquiry and booking data (on an anonymous basis), to assist us in better understanding our business. Our system does not hold messages indefinitely and they may not be accessible after the message has been delivered to you. Please therefore print a copy of any message which is important to you – for example a payment receipt or a booking confirmation;
iv) any member of The Santon Group, which means our subsidiaries, our ultimate holding company and its subsidiaries (from time to time) as necessary to perform the Services;
v) we may share your information with third parties who help deliver our products and services to you. Examples include third parties who are hosting our web servers, analysing data, providing marketing assistance and providing customer service. These companies will have access to your personal information as necessary to perform their functions, but they may not use that data for any other purpose;
vii) We may also share aggregate or anonymous information with third parties, including advertisers and investors. For example, we may tell our advertisers the number of visitors to The Highland Club Website. This information does not contain any personal information and is used to develop content and services we hope you will find of interest and to audit the efficacy of our advertising.
7) How do we keep your information secure?
i) We store the information you provide about yourself in a secure database and take appropriate security measures to protect such information from unauthorised access. For example, we have adopted internal data protection procedures and trained our staff on them with a view to preventing breaches of security. Where we make available to you any online portal or webhosted platform to provide any Services to you, all exchanges of information between you and any such portal or platform go through encrypted channels in order to prevent interception of your information. Public access to the information via any portal or platform is accessed via a web link and password. You should ensure that these are kept secret and not divulged to other people.
ii) We are compliant with the payment card industry security standard (PCI-DSS Level 1) via the Eviivo platform. Card details processed on the Highland Club Website via the Eviivo suite are encrypted and fully tokenised and are not held beyond the scope of the booking duration. We cannot be held liable for the security of any card information that you may have passed on to an accommodation provider or to a travel agency by means other than the Eviivo suite via The Highland Club Website.
iii) Note that, despite the measures taken by us and the third parties we engage, the internet is not secure. You recognise that your use of the Highland Club Website is entirely at your own risk. As the Highland Club Website is grouped to the internet, which is inherently insecure, Santon Highlands Limited cannot guarantee the information you supply will not be intercepted while being transmitted over the internet. Accordingly, Santon Highlands Limited has no responsibility or liability for the security of personal information transmitted via our website. It remains your responsibility:-
(a) to protect against unauthorised access to your user account;
(b) to ensure no-one else uses the Highland Club Website while your device is logged on to the Highland Club Website (including by logging on to your device through a mobile, Wi-Fi or share access connection you are using);
(c) to log off or exit the Highland Club Website when not using it;
(d) where relevant, to keep your password or other access information secret. Your password and log in details are personal to you and should not be given to anyone else or used to provide shared access for example over a network. You should use a password which is unique to your use of the Highland Club Website – do not use the same password as you use for another site or email account; and
(e) to maintain good internet security and avoid security threats. For example, if your email account or Facebook account is compromised this could allow access to your account with us if you have given us those details and/or permitted access through those accounts. If your email account is compromised it could be used to ask us to reset a password and gain access to your account with us. You should keep all of your account details secure. If you think that any of your accounts has been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. You should also tell us as soon as you can so that we can try to help you keep your account secure and if necessary warn anyone else who could be affected.
iv) As a result, others may nevertheless unlawfully intercept or access private transmissions or data.
8) How long will we store your information for?
We generally hold your personal data on our systems for as long is necessary to provide the Services. This is ordinarily 6 years from the date you cease to use the Services in order to allow us to refer to your information in correspondence with you, or in connection with legal proceedings.
9) Your rights
i) Right of access – you have the right to know if we are using your information and, if so, the right to access it and information about how we are using it.
ii) Right of rectification – you have the right to require us to rectify any errors in the information we hold about you.
iii) Right to erasure – you have the right to require us to delete your information if our continued use is not justified.
iv) Right to restrict processing – in some circumstances, although you may not be entitled to require us to erase your information but may be entitled to limit the purposes for which we can use your information.
v) Right of data portability – you have the right to require us to provide you with a copy of your information in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours).
vi) Where we rely on your consent as the legal basis for processing your personal information, as set out under section 5, you may withdraw your consent at any time. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using our Unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
10) How does The Highland Club Website use my Internet Protocol (IP) address and collect Cookies?
We may collect information about your computer, including your IP address, operating system and browser type, for system administration and our own internal purposes. This is statistical data about our website users’ browsing actions and patterns, and does not identify you as an individual.
A Cookie is a small text file that is downloaded on to your computer’s hard disk when you access certain websites. Cookies allow the website to recognise your computer. A Cookie can identify the pages that are being viewed and this can assist us to select the pages that the visitor sees.
“Session” Cookies only exist whilst visitors are online on a particular occasion. These are temporary Cookies that aid your journey around the Site and remember the preferences you have selected during your session.
“Persistent” Cookies, which are not session-based, remain on a visitor’s computer, so that you can be recognised as a previous visitor when you next visit our Site. This allows us to collect information about your browsing habits whilst on our website, and this can be useful in assisting us to monitor and improve our services.
We do not store sensitive information such as account numbers or passwords in persistent Cookies and Cookies in themselves do not contain enough information to identify you. You will only become personally identifiable in relation to your browsing habits after you have formally provided us with your personal data for the purposes outlined in section 3 “What personal information do we collect?” above.
In addition to using Cookies, we might also use GIFs and other web tools, such as Google Analytics, to collect information about your browsing activities whilst on our website. In this respect the information that is provided is similar to the information supplied by Cookies, and we use it for the same purposes. Any information that we acquire about you using Cookies, GIFs, or other web tools is subject to the same restrictions and conditions as any other information we collect about you, as outlined in this Policy.
i) We respect your privacy and ensure we carry out our direct marketing activities in accordance with applicable laws and guidance.
ii) You may subscribe to our newsletter service. Santon Highlands Limited may offer different newsletters from time to time intended to enhance the services they offer. You may cancel your subscription to these email newsletters at any time through the unsubscribe button.
iii) We may use surveys to gather information about our users. From time to time, we request your input in order to evaluate potential features and services. The decision to answer a survey is completely yours. We use information gathered from surveys to improve our services.
iv) When you download or use apps relating to our websites, we may receive information about your location and your mobile device, including a unique identifier for your device. We may use this information to provide you with location-based services, such as advertising, search results and other personalised content. Most mobile devices allow you to turn off location services. If you have questions about how to disable your device’s location services, we recommend you consult your device’s manual, or contact your mobile service carrier or your device manufacturer.
v) We may contact you with marketing information by post or by telephone or with targeted advertising delivered online through social media and platforms operated by other companies, unless and until you object.
vi) If you are an individual we will only contact you by email or electronic means with marketing information where you have given us your consent.
vii) Where we have obtained your email address in connection with our contract with you for any Services, or where you have made a positive enquiry about any of our services, we may also contact you with marketing information about similar services by email or other electronic means unless and until you object.
viii) We will share only the information necessary to deliver any supply of products and/or services by us to you or in order to ensure the successful completion of a transaction processed through our system or for related purposes.
ix) We may in addition from time to time share non-personal, non-individual information in aggregate form with third parties for business purposes, for example we may tell our business partners including regional tourism agencies and commercial distributors the number of customers in certain demographic groups. This does not involve the disclosure of any personal Information which can identify any particular customer in any way.
x) From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
xi) You may opt-out of receiving marketing communications from us by the following means:-
(a) Contact us at firstname.lastname@example.org;
(b) Follow the instructions included in each communication or newsletter;
(c) Use the Unsubscribe function; or
(d) Mail the request to us at the contact details provided below.
Please remember that if you change your preference it may take a short time for those preferences to become effective.
xii) You have the right to opt-out of our use of your personal information to provide marketing to you by informing us (if we call you by telephone), or by clicking the “unsubscribe link” on any marketing email that we send to you, or by contacting us as set out in section 14 below.
12) Following links from our websites
Our website may contain links to other sites. Such other sites may also make use of their own cookies and will have their own privacy policies. You should carefully review the privacy policies and practices of other sites, as we cannot control or be responsible for their privacy practices. We do not accept any liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
13) Updating, Maintenance and Accuracy of your Information
We do our best to ensure that all information held is kept up-to-date, accurate and complete.
Data populated by you (including your personal details entered in any fields) is your sole responsibility and any changes to any aspect of your personal data should be updated directly by you.
Please note that this policy will be reviewed and may be changed from time to time so please check the page on The Highand Club Website occasionally to ensure that you happy with any changes.
16) Complaints Procedure
If you wish to make a complaint about Santon Highlands Limited, our services or any associated matter, you may contact our Data Protection Officer by email, letter or fax. We do require complaints to be made in writing. Wherever possible, complaints will be dealt with promptly, and you will receive a response within thirty (30) working days.
Our contact details are as follows:
Santon Highlands Limited
53-55 Uxbridge Road
London W5 5Sa
Telephone : +44 (0203 478 3900
Fax : +44(0)203 478 3888
If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you can complain to the supervisory authority in the UK responsible for the implementation and enforcement data protection law: the Information Commissioner’s Office (the “ICO”). You have the right to complain to the ICO about our collection and use of your information. You can contact the ICO via their website – https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.